Great news! We have a new cloud privacy standard from ISO, the International Standards Organization. Now let's get the word out. The more who have a starting framework, the quicker we’ll have adoption, oversight, and enforcement of standards worldwide.
OK. It's a start!
- “Always process personal information in accordance with the customer’s instructions.
- Only process personal information for marketing or advertising purposes with the customer’s express consent. Such consent cannot be made a condition for receiving the service.
- Help cloud customers comply when individuals assert their access rights.
- Disclose information to law enforcement authorities only when legally bound to do so.
- Disclose the names of any sub-processors and the possible locations where personal information may be processed prior to entering into a cloud services contract.
- Help cloud customers comply with their notification obligations in the event of a data breach.
- Implement a policy for the return, transfer or disposal of personal data, for instance when the service comes to an end.
- Subject their services to independent information security reviews at scheduled intervals (or when significant processing changes occur).
- Enter into confidentiality agreements with staff who have access to personal data and provide appropriate staff training.”
Thanks to The National Law Review