In response to jurisdictional issues and confusion over inconsistent Data Privacy Security and Transfer Requirements, a group of 44 lawyers from 32 countries took action. They created an initiative titled “The Data Privacy Compliance Cloud Privacy Check” (CPC/DPC) to provide straightforward guidance. By providing a “Cloud Privacy Check process,” the CPC/DPC helps cloud users navigate data protection obligations. The questions include:
- Does the transaction include any personally identifiable information?
- Does a third party involved in the setup of the cloud process have access to personal data?
- Does the data leave the jurisdiction of the customer?
- Is the cloud provider using subcontractors in the setup?
Questions 1 and 2 guide whether PII obligations exist. Questions 3 and 4 define the obligations to manage PII in the cloud. In addition to this handy checklist, the CPC/DPC provides comparisons of privacy requirements across 32 countries. Country-specific reports help companies understand and plan for the complexities of maintaining information across borders.
The nature of and increasing reliance on cloud storage presents unique challenges for information and records management. Information governance holds data—local- and cloud-based—to the same standards. It is important to maintain cloud-based information in line with company policies and all governing laws and regulations. As the CPC/DPC Checklist shows, an assessment can go a long way to ensure your business manages all information appropriately.
Contact Zasio today for a privacy impact assessment to help you navigate challenges proactively. Whether your data is stored locally or in the cloud, we can help you stay compliant.
Disclaimer: The purpose of this post is to provide general education on Information Governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.
Author: Jennifer Chadband, IGP, CRM, ECMp
Senior Analyst / Licensed Attorney