Following the first anniversary of the publication of ISO 27018 – an international privacy standard governing the processing of personal data in the cloud — Mason Hayes & Curran looks at how successful the new standard has been and the challenges customers and cloud providers are facing following its adoption.
Last summer, the International Standards Organisation (ISO) and the International Electrotechnical Commission (IEC) published ISO 27018, the first privacy-specific international standard for cloud services.
The new standard specifies the roles of a data controller and a data processor in maintaining the security and privacy of personally identifiable information (PII) stored in a public cloud environment.
In contrast to existing information security standards that it builds on (such as ISO 27001 and ISO 27002), ISO 27018 is specifically tailored to cloud computing services.
