The Cloud Security Alliance this week unveiled the next generation of a tool designed to enable cloud customers to evaluate the level of data protection precautions implemented by cloud service providers.
The Privacy Level Agreement (PLA) v2 tool aims to give customers a better sense of the extent to which their providers have practices, procedures and technologies in place to ensure data protection vis-à-vis European data privacy regulations.
It also provides a guidance for cloud service providers to achieve compliance with privacy legislation in EU, and on how these providers can disclose the level of personal data protection they offer to customers.
“The continued reliance and adoption of the PLA by cloud service providers worldwide has been an important building block for developing a modern and ethical privacy-rich framework to address the security challenges facing enterprises worldwide,” said Daniele Catteddu, EMEA managing director of CSA.
“This next version that addresses personal data protection compliance will be of significant importance in building the confidence of cloud consumers,” Catteddu said.
The tool, originally created in 2013, was developed by the PLA working group, which was organised to help transpose the Art. 29 Working Party and EU National Data Protection Regulator’s recommendations on cloud computing into an outline CSPs can use to disclose personal data handling practices.
“PLA v2 is a valuable tool to guide CSPs of any size to address EU personal data protection compliance,” said Paolo Balboni, co-chair of the PLA Working Group and founding partner of ICT Legal Consulting. “In a market where customers still struggle to assess CSP data protection compliance, PLA v2 aims to fill this gap and facilitate customer understanding.”