Cloud Security Alliance Releases Privacy Level Agreement Tool Version 2

Image Attribution: Flickr

Cloud providers that operate within the EU must adhere to a set of strict data privacy rules. How can you know when your provider is playing by the rules? The Cloud Security Alliance’s solution to this is called the Privacy Level Agreement tool.
The PLA tool was originally released in 2013, and as of yesterday, version 2 is now available for organizations to implement within their environments. The PLA v2 gives organizations the peace of mind to know that their Cloud Service Providers are storing data in accordance to the laws established within the EU concerning data privacy. By using the CSA’s PLA v2 tool, organizations can get a second opinion on the privacy of the storage of their data.
For organizations that may not meet the standards after the initial PLA v2 audit, the tool goes in depth to show CSPs and organizations how they can achieve compliance within their environments. The tool also informs organizations of how they can disclose the privacy level of data to their customers. This helps organizations stay transparent, while ensuring that they provide the strict level of data security dictated by EU law.
“The continued reliance and adoption of the PLA by cloud service providers worldwide has been an important building block for developing a modern and ethical privacy-rich framework to address the security challenges facing enterprises worldwide,” says EMEA Managing Director for the CSA, Daniele Catteddu.
“This next version that addresses personal data protection compliance will be of significant importance in building the confidence of cloud consumers,” adds Catteddu.
The press release on the PLA v2 mentions that the tool provides:

  • Identity of the Cloud Service Provider
  • The role of the CSP
  • Contact info for data protection inquiries
  • Methods in which the data will be processed
  • Description concerning the Transfer of Data
  • Data Security Measures
  • Data Security Monitoring
  • Personal Data Breach Notification
  • Data Portability
  • Assistance with Migration and Transfer of Data
  • Data Retention, Restitution and Deletion Processes
  • Accountability
  • Cooperation
  • Legally Required Disclosures

For more information on the PLA v2 tool, you can visit the website for more details.