International Standard for Treating Personal Information in the Cloud

The International Standards Organization (ISO) and the International Electrotechnical Commission (IEC) have adopted a new international standard for the protection of personally identifiable information by public cloud computer service providers.

It is intended to set out best practices for companies operating in this area, such as Amazon Web Services and Google Compute Engine.

Here is a description of the standard by a privacy advice site.

Is this likely to be helpful to your clients, either those having their information stored and treated in the cloud or those who offer cloud services? Will it influence your contracts?

In particular, will it make it easier for you to ensure that using such services is consistent with your or your clients’ obligations under privacy regimes in national laws, such as PIPEDA (or its provincial equivalents)?

One notes that one of the duties in complying with the standard is ‘Always process personal information in accordance with the customer’s instructions.’ So that should help…

Comments are closed.