ISO/IEC 27018 to improve cloud data privacy

Michael Mudd, appointed expert to JTC-1 of the ISO and chief representative of the Open Computing Alliance for APAC and MEA

The massive increase in dataflows across the Internet poses an additional challenge related to the data privacy of customer information. This challenge is related to appropriate constraints that should be placed on a party (such as a cloud service provider) who is authorized to access customer data for certain purposes, and only those purposes.

In particular, the separation of PII data that is not specifically authorised by the data owner for advertising, retention policies for PII data, and transparent parameters for the return, transfer and secure disposal of personal information are important considerations to protect PII beyond its approved use date or end of life.

This summary has only highlighted a few of the many details within the 32 pages of ISO 27018, but those discussed illustrate the desire to align global data privacy Standards, so it is a suitable means for globally operating CSPs to demonstrate their data protection/privacy compliance, instead of having to cope with different national Standards in various jurisdictions.

This may ensure that data security of PII is truly understood and that it is implemented in a structured manner within any business, regardless of industry or size. Wide adoption of this Standard will enable customers and providers alike to evaluate what protections are in place and, more importantly, what they need to implement to protect PII.

I set out at the beginning of this paper stating that the need to ensure data security and privacy has never been greater. The world is far more connected now than at any time in history; therefore the need to protect personal information and data from criminal, deliberate or accidental access or loss has never been greater. ISO 27018, when correctly implemented, goes a long way toward achieving that goal.
