Outsourcing
To all my readers, thank you and goodbye. This blog is now an ex-blog.
On 7 July 2016, the UK’s Financial Conduct Authority (FCA) issued finalised guidance for authorised UK financial institutions use of cloud services. In a marked contrast to some other jurisdictions’ approach, this guidance is issued against a policy backdrop of FCA’s ‘Project Innovate’ which is a initiative to foster innovation and competition. The FCA say:
This guest post is written by @matthew1hunter and @aisling1odwyer. Regular readers of this blog will know we have been tracking the impact of ISO/IEC 27018:2014 –Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC 27018). We see this as the go-to standard for customers of public…
On 3rd March 2015, Korea passed the world’s first cloud-specific law, with the stated aim of driving the adoption of cloud computing in Korea. But what are the practical implications for cloud customers and cloud services providers in Korea? This guest post is written by Daniel Jung and @matthew1hunter. When does the Korean Cloud Act come into force?…
Since its release in August 2014, ISO 27018 is becoming well established as the “go to” standard to help cloud customers to comply with their privacy obligations when using public cloud services. Privacy regulators recognise and refer to the new standard. Cloud customers are using it in their RFP requirements and in their assessments of…
A key challenge for organisations who want to use cloud services is to do so in a way that is compliant with the organisations’ obligations under data protection laws. This guest post by Matt Hunter (@matthew1hunter) and Daniel Jung explains how ISO 27018 is relevant and why companies considering cloud solutions should look to cloud providers…
The Monetary Authority of Singapore (“MAS“) is consulting on a new notice and guidelines on outsourcing. Having already commented on its positive message for cloud services, this post addresses the rest of the consultation. In summary, we think: MAS’s proposals are generally positive and helpful. However, in some areas more clarity could be provided. Background MAS first issued its ‘Guidelines on Outsourcing’ in 2004…
There should be relief at the moment felt by financial institutions and cloud service providers alike, following the release of the MAS’s consultation on the proposed new outsourcing notice and updated guidelines as mentioned in Rob’s previous post. The MAS doesn’t use the word “cloud” expressly in its consultation. However, the MAS has made important changes…
On Friday 5 September, the Monetary Authority of Singapore (which regulates financial institutions in Singapore) published a consultation on revising its existing guidelines on outsourcing. Responses are due by the 7th October.
Singapore’s Infocomm Development Authority (IDA) has launched a new cloud security standard: Multi-Tier Cloud Security (MTCS) Standard For Singapore (SS 584). The IDA explains that the objective of the standard is: “to provide businesses with greater clarity on the levels of security offered by different cloud service providers (CSPs).” Objectives The IDA’s fact sheet explains that: [Customer…
Earlier this week, a draft of the Singapore Data Protection Bill was introduced to the Singapore parliament. This draft follows a MICA consultation on a prior draft and removes some of the more controversial aspects of the prior draft, most notably a provision that attempted to assert extra-territorial jurisdiction. Although this will be a significant change…
Today’s blog post is courtesy of my friends and colleagues Clive Gringras and Claire Walker who have published a helpful guide to the new European Data Protection proposals. “Today, 25 January 2012, the European Commission unveiled its proposals for far reaching changes to EU privacy legislation. We foresee the Regulation being in force by 2015. Every aspect…
