This seminar was presented by Foley Hoag LLP and a panel of industry experts on ISO 27018, the new international standard governing the processing and protection of personal information by public Cloud Service Providers (CSPs). Even though this new standard is voluntary, it is widely expected to become the benchmark for CSPs going forward.
As the first and only international privacy standard for the cloud, ISO 27018 addresses the means of keeping customer information confidential and secure, as well as preventing personal information from being used for advertising or data analytics without customer approval. More importantly, adherence to ISO 27018 demonstrates that a CSP’s cloud privacy policies and practices are consistent with the industry’s best practices, both in the United States and the EU.
Our panel discussed the delineations of ISO 27018 and the potential value ISO 27018 carries as the new standard in industries where protection of sensitive customer or business data is paramount.
- What are the key data privacy and data protection issues companies should consider before moving to cloud computing technologies?
- What are the key substantive requirements of ISO 27018 for handling customer data?
- How does ISO 27018 adoption benefit customers in regulated industries such as healthcare and financial services?
- How do the ISO 27018 requirements map against existing sector-based data privacy and security standards (e.g., HIPAA, SOC 2)?
- What value is provided by third party verification (through accreditation) of ISO 27018 and other data privacy and security practices in cloud computing?
Sharon Gillett, Principal Networking Policy Strategist, Microsoft Research
Deborah Hurley, Founder and Principal, Hurley, and Fellow, Institute for Quantitative Social Science, Harvard University
Colin Zick, Partner, Co-Chair and Co-Founder, Privacy & Data Security Practice, Foley Hoag LLP