Implementation of Cloud Services in a Business Environment
There are further examples for similar jurisdictions:
- US Federal Information Security Management Act of 2002 §3543 (1), which requires federal agencies to implement information security programs (2002)
- The US Health Insurance Portability and Accountability Act of 1996, which addresses topics like security and privacy of health data (Blaisdell, 2013)
- The US Department of Defense Information Assurance Certification and Accreditation Process, which defines the risk management processes applicable to information systems (2007)
- The Payment Card Industry Data Security Standard, which is based on the Visa-Account-Information-Security-Program, the MasterCard-Site-Data-Protection-Program, as well as the American Express Security Operating Policy and the Discover Information Security and Compliance, and which publishes internationally valid security requirements for the protection of cardholders' data (Atug & Oannen, 2006, pp. 2-3)
These examples show that there are many areas of regulation and obligation, and that complying with national and international jurisdictions requires great effort. In most cases it is advisable to seek legal advice rather than acting haphazardly.
7.2.1 Harmonizing Data Outsourcing into the Cloud: European Cloud Computing Strategy
In September 2012 the European Commission (EC) initiated a campaign aimed at enabling and facilitating faster adoption of cloud computing throughout all sectors of the economy, with the ultimate goal of cutting IT costs, establishing new business practices, increasing productivity and growth, and generating new jobs.