07-09-13 | Blog Post
Earlier this year in April, the U.S. Department of Commerce’s International Trade Administration (ITA) released a document to provide guidance on the use of U.S. cloud service providers by those in the European Union (EU) regarding personal data hosting and privacy.
Specifically, the U.S.-EU Safe Harbor set of policy standards facilitates a bridge to close the gap between Europe’s standardized data privacy laws and the U.S.’s more varied data privacy laws, each custom and different per private sector standards (i.e., HIPAA for healthcare; PCI DSS for ecommerce; SOX for financial reporting, etc.).
For a detailed description of the Safe Harbor Privacy Principles, read What is U.S.-EU Safe Harbor?
According to the ITA, Safe Harbor is applicable to cloud service agreements, and cloud service providers are required to enter into a contract, regardless of compliance status and even if they receive personal data only for processing.
The document also addresses another publicly issued opinion released last year by the Article 29 Data Protection Working Party that critiqued the use of Safe Harbor and cloud service provider – a few include:
Essentially, the ITA recognizes that while Safe Harbor is relevant when it comes to cloud computing services and European data/companies, it is not the all-encompassing rule for determining other cloud security responsibilities.
Each industry and individual organization should have custom data security requirements and adhere to cloud security best practices. Conducting a risk analysis assessment for your own organization can help pinpoint your business workflow model and identify critical data and potential vulnerabilities when it comes to data in transit and at rest.
Read the Top 5 Tips for Cloud Computing Security for more about how to ensure your cloud service provider/data center operator takes security seriously to protect your critical data.
Related Articles
Cloud-Based Disaster Recovery
Cloud-based disaster recovery can streamline data backup and recovery times, useful for mission-critical applications and data required to be up and running at all times. Read below for an excerpt about virtualization and disaster recovery from our newest white paper, … Continue reading →
Precautions with the HIPAA Cloud for Healthcare Software as a Service (SaaS) Companies
A recent Google search brought me to a health IT blog, Life as a Healthcare CIO, and the post entitled The Reality of SaaS. The author discusses whether or not SaaS/cloud computing is appropriate for EHR (electronic health record) hosting … Continue reading →
State of Cloud Security: Vetting Applications and Cloud Providers for Compliance and Security
The latest report from the Ponemon Institute, located in Traverse City, Michigan, sought to analyze trends in cloud computing security among organizations that use software as a service (SaaS) and infrastructure as a service (IaaS). Only half of organizations are … Continue reading →
References:
Article 29 Working Party Cloud Computing Opinion: Blow to Safe Harbor?
Clarifications Regarding the U.S.-EU Safe Harbor Framework and Cloud Computing (PDF)