CSA Releases Updated Privacy Tool to Protect EU CSPs and Their Customers
The number one reason why prospective customers, whether they are consumers or enterprises, are hesitant to adopt cloud services relates to concerns about security and privacy. The Cloud Security Alliance (CSA) Privacy Level Agreement Working Group has come up with a solution and has released an updated tool to offer protection and assurance within the European Union (EU).
The Privacy Level Agreement (PLA) v2 identifies a baseline of mandatory personal data protection legal requirements across the EU, and also lets cloud customers evaluate the level of personal data protection offered by numerous cloud service providers. This benefits both customers and CSPs as it gives service providers guidance on achieving compliance with mandatory privacy legislation throughout the EU. It also offers providers a way the disclose the level of personal data protection they are offering cloud customers, giving customers and prospects peace of mind.
The new PLA tool supports CSP transparency while also giving cloud customers a simple means of understanding and evaluating personal data protection. The solution lets cloud customers identify the CSP and how it handles data protection queries, including ways in which data will be processed along with transfer and security measures. PLA v2 also supports transparency regarding monitoring, accountability, cooperation and personal data breach notification.
"The continued reliance and adoption of the PLA by cloud service providers worldwide has been an important building block for developing a modern and ethical privacy-rich framework to address the security challenges facing enterprises worldwide," said Daniele Catteddu, EMEA managing director of CSA. "This next version that addresses personal data protection compliance will be of significant importance in building the confidence of cloud consumers."
According to EMC, which is a sponsor of the PLA Working Group, the tool will be beneficial as more and more CSPs move toward a hybrid cloud strategy to better serve their customers, both in the EU and globally.
"EMC recognizes the CSA PLA v2 as a timely, key industry deliverable to enable CSPs and their clients to establish trust and transparency with respect to the EU data protection and privacy regulations, as well as with industry regulators," said Wayne M. Adams, senior technologist, corporate office of the CTO for EMC.
Edited by Dominick Sorrentino