Recently, I had the great pleasure to present on “Privacy Assurance in the Cloud” with Lauren Reid of Nymity.
Over the last several months, increasing attention has been placed on security and privacy in cloud computing. The two concepts overlap but are not equivalent. As Lauren pointed out, security is often assessed on the basis of “perimeter” security. This says nothing about whether there are appropriate limitations on access and use of personal information within the perimeter.
Perhaps the most pressing issue for organizations, however, is the degree of difficulty in assessing whether they have taken sufficient steps to establish appropriate accountability in managing the risks of cloud computing. Lauren examined some of the main privacy assurance tools, such as SOC reports. I examined key contractual provisions. Our slides are below.
In addition, if you are interested in accountability tools, Nymity has just released its updated Data Privacy Accountability Scorecard product. This product is designed as a user-friendly tool to help organizations demonstrate accountability by monitoring, measuring and reporting on privacy management activities of the organization.