Navigating privacy rules in a cloud environment
Reduce your risk by protecting your data
The cloud offers flexible and affordable software, platforms, infrastructure and storage—giving organizations an unprecedented opportunity to reduce costs, increase agility and improve IT capability. However, the adoption of cloud computing raises significant privacy challenges. As your data crosses borders, navigating the jurisdictional privacy differences gets more complex. For example, Canadian multinationals relying on the former Safe Harbor principles or Canadian businesses using US-based data storage and processing providers are now faced with new EU-US Privacy Shield rules and stricter EU privacy regulations.
Any organization that has a global footprint moving to the next generation of cloud computing will need to step up their privacy game to better manage their legal, reputational and privacy risks.
Three important data privacy considerations
As the threat landscape changes and privacy regulations continue to evolve, the need for organizations to refine their cloud computing strategy to mitigate their overall risks is a must. Start by asking your cloud providers three key questions:
- Where is your data stored? Under cloud computing models, data is often stored or processed in multiple jurisdictions. To avoid legislative traps, your organization must understand and comply with data localization rules and privacy requirements (e.g., breach notification and risk assessments).
- How is your data protected? In light of regulatory trends and jurisdictional requirements, you must work closely with your cloud providers to ensure they are meeting the data protection standards set out in your contracts.
- How private is your data? To render your data unreadable—and consequently unusable to cybercriminals—you must also ensure that your cloud providers offer sufficient data protection mechanisms, like encryption services and other security measures.
To learn more, read our latest paper, Data privacy in the cloud: Navigating the new privacy regime in a cloud environment.