Cloud Computing


Businesses continue to be responsible for protecting their customers’ data, regardless of the cloud services they may engage. Finding the right cloud service provider, creating an appropriate contract and managing the relationship are all integral to taking advantage of all the benefits of cloud computing while protecting organizational data. Organizations need to work closely with cloud service providers to establish clear responsibilities for data protection and create mechanisms to monitor the activities of providers. This topic page offers tools and insight to get you on your way.

Featured Resources

Conducting DPIAs on Cloud Environments

This web conference assesses ways to reduce business risk and maintain compliance through data protection impact assessments when working in cloud environments.

EU’s new Cloud Code of Conduct

Samuel Stolton breaks down the new Code of Conduct, including its interplay with the EU General Data Protection Regulation and how it tackles international data transfers.

Guidance for a cloud migration PIA

In this piece for Privacy Tech, Leizerov offers some guidance for privacy professionals to consider when they conduct their next cloud migration PIA.

Latest News and Resources

Web Conference: Changing Privacy and Stakeholder Management for a Cloud-First World

Original broadcast date: 15 March 2023

In this web conference, we will discuss how an increase in hybrid and remote work has blurred the lines between work and personal activities. As a result, more personal data is being generated, retained, shared and accessed across a multitude of devices and clouds. Furthermore, the prevalence and reach of privacy regulations are increasing, putting greater risk on organizations of all types and sizes.

VMware CPO leads cloud privacy efforts during a ‘cutting-edge’ time

A “renaissance” field. That’s how VMware Vice President and Chief Privacy Officer Stuart Lee, CIPP/E, CIPP/US, CIPM, FIP, describes the privacy profession. And it’s a particularly “cutting-edge” time, said the multi-cloud service provider’s global privacy operations leader. “We get to interpret new and exciting technologies and policies into something that can really make a meaningful change for our business and for our stakeholders, and the challenge is you’ve got to be able to think about h...

Cloud Controls Matrix

The Cloud Security Alliance Cloud Controls Matrix is designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the Cloud Security Alliance Controls Matrix rest on its customized ...


Cloud Computing

The provision of information technology services over the Internet. These services may be provided by a company for its internal users in a "private cloud" or by third-party suppliers. The services can include software, infrastructure (i.e., servers), hosting and platforms (i.e., operating systems). Cloud computing has numerous applications, from personal webmail to corporate data storage, and can be subdivided into different types of service models....

Online Data Storage

Refers to the storage of data by a third-party vendor made accessible through the Internet (hosted storage, Internet storage, cloud storage). This is a common data storage alternative to local storage, such as on a hard drive, and portable storage, such as a flash drive. Associated term(s): Cloud Computing...


How to manage global data under CLOUD Act governance

It’s common knowledge that the U.S. government, with a subpoena or warrant, can compel companies to disclose data about companies and individuals. All governments have some type of legal capability to request data from information providers. What is surprising to many, even those of us in IT, is that with the Clarifying Lawful Overseas Use of Data Act, the U.S. government can compel a U.S. company that is hosting data in another country to comply with such information requests. For example, if ...

Cloud Computing Contracting and Compliance: Why All Privacy Pros Need to Get Up-to-Speed

The cloud is going mainstream. Many organisations are embracing cloud computing enthusiastically as a means to improve business processes while, potentially at least, making substantial cost savings along the way. Others, meanwhile, are proceeding at a more measured pace. Cautious adopters include companies that operate in heavily regulated sectors such as financial services and healthcare, as well as many government agencies and other large organisations with substantial investments in legacy IT systems and processes. Whatever sector you work in, however, it is time to get to grips with cloud computing and, in particular, the privacy implications of cloud procurement and deployment arrangements.


Security Guidance for Critical Areas of Focus in Cloud Computing

This Cloud Security Alliance guidance seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Protecting Data and Privacy in the Cloud

This white paper outlines Microsoft's approach and processes to ensure that customers’ data in its enterprise services remains private. After discussing the issues surrounding privacy in the cloud, the paper describes how Microsoft ensures its services protect privacy, from building the services, to operating them in the datacenter, to ensuring customers make informed choices to protect their data privacy in the cloud.


Considering the Cloud: How healthcare organizations can navigate the techno-compliance waters and keep ePHI secure

Healthcare in the United States has quickly undergone a significant transformation. With implementation of the HITECH Act of 2009, by the end of 2010 most office-based doctors—57 percent—were using electronic medical records. The Affordable Care Act, passed in March 2010, added another incentive to the market to adopt new technology by encouraging the creation of Accountable Care Organizations (ACO) to organize knowledge, technology and healthcare teams around the needs of the patient.