Database Reference
In-Depth Information
take sufficient time to proactively consult with legal counsel about the
possible ramifications.
Breach Response
When placing data that contains personally identifiable information (PII)
in a CSP environment, organizations need to be aware of issues related to
data loss incidents or breaches that are specific to the CSP environment.
Organizations need to ensure that they can expand their breach policies
and plans as required to ensure compliance with existing requirements
for response. These policies must specify which parties are responsible for
the cost and containment or mitigation of harm and for notifying affected
individuals where required, as well as provide for instruction and require-
ments on terminating storage and deleting data upon expiration of the
agreement or the agreement term and extension options.
It is important to ensure that an organization's breach policies and
plans adequately address the new relationship between the organization
and CSP, including the assignment of specific roles and tasks between the
organization and the CSP, even before determination of ultimate responsi-
bility in the case of a data breach. It is important to establish clear contrac-
tual duties and liability of the CSP for timely breach reporting, mitigation
(i.e., administrative, technical, or physical measures to contain or remedy
the breach), and costs, if any, of providing notice, credit monitoring, or
other appropriate relief to affected individuals as appropriate under the
circumstances. It is also important to address when the termination of
services and assertion of the organization's rights of ownership, custody,
transfer (return), or deletion of any data stored in a CSP environment
will be invoked by the organization as a remedy for a breach. Finally, it
is important to ensure that there are appropriate audit rights to permit
compliance reviews.
SUMMARY
Oracle offers robust cloud services, but it is very important that the orga-
nization make a reasoned decision as to whether and which cloud ser-
vices to utilize. The assessment must most importantly include level of
support and security. Readers are also urged to review Cloud Procurement
Search WWH ::
Custom Search