Database Reference
In-Depth Information
5. Whether individuals will be notified that their information will be
maintained in a CSP environment and what opportunities individu-
als have to decline to provide information that will be maintained in
a CSP environment
6. What ability individuals have to consent to particular uses of the
information, and how individuals can grant consent
7. How the organization and CSP will secure information in the cloud
In addition, a cloud computing PIA should focus specific attention on:
1. The physical location of the data maintained by the CSP
2. The retention policies that apply to the data maintained in a CSP
environment
3. The mechanism by which an organization maintains control over
data (e.g., by contractual provisions, nondisclosure agreements, etc.)
that is maintained by CSPs
4. The means by which the CSP will terminate storage and delete data
at the end of the contract or project life cycle
Data Location
Many CSP environments involve the storage of data across multiple
facilities, often across the globe. Where data resides changes an organi-
zation's applicable legal rights, expectations, and privileges based on the
laws of the country where the data is located. To fully understand who
may have access to this data, organizations need to first consider the
type of data they plan to place in a cloud environment and then review
the laws and policies of the country where the cloud providers' servers
are located.
Almost every country has different standards and laws for handling
personal information that CSPs must meet if they maintain facilities
within their borders. Some countries allow persons with rights of access
to personal information that may not directly align with the legal frame-
work in the United States. Other countries may permit law enforcement
to request more data from cloud providers than within the United States.
It may not be clear how the privacy laws and protections apply in these
situations. In any situation where a CSP environment goes outside of US
territories, there is a potential for conflict of law, and organizations must
Search WWH ::
Custom Search