4.3.3 Account of Data Location
Cloud adoption raises serious privacy concerns with respect to data residency. An accountability policy should express rules about the location of the data and the accountor should provide some evidence about the location of personal data either upon receiving a request or automatically whenever data is transferred. An account of compliance with respect to data location rules can regroup the following evidence:
- Binding Corporate Rules (BCR) approval: the number of multinational companies adopting Safe Harbor, Binding Corporate Rules [32] which define the rules with respect to international data transfer is increasing. Therefore, a BCR certification can be considered as important evidence for an account on compliance.
- information about the physical location of the servers: the accountor can provide such information with a third party audit report for example;
- log traces: data transfer logs can be obtained with a monitoring tool like A4Cloud's data transfer monitoring tool (DTMT).
Download the preliminary release of the Cloud Accountability Reference Architecture and the relevant A4Cloud Toolkit.