PII Processor Controls
Controls and guidance for protecting PII in public clouds.
Consent and choice
PII processor should provide cloud service customer with means to comply with PII principal consent obligations.
Purpose legitimacy and specification
PII to be processed under contract should not be processed for any purpose independent of the customer's instructions.
Collection limitation
Restrict the collection of PII to the minimum necessary for the agreed purposes.
Data minimization
Implement and apply data minimization principles to PII processing.
Use, retention and disclosure limitation
PII should not be used, retained, or disclosed beyond what is necessary for the contracted purposes.
Accuracy and quality
Provide mechanisms to ensure PII is accurate, complete, and up-to-date.
Openness, transparency and notice
Provide transparency about PII handling practices including subprocessors and locations.
Individual participation and access
Provide means to fulfill data subject rights including access, correction, and erasure requests.
Accountability
Inform customer about jurisdictions where PII is processed and any unauthorized access or disclosure.
Information security
Implement appropriate technical and organizational measures to protect PII.
Privacy compliance
Ensure ongoing compliance with PII processing obligations in the cloud service contract.
Geographical location of PII
Customer must be informed of countries in which PII may be stored.
Return, transfer, and disposal of PII
PII must be securely returned, transferred, or disposed of at end of contract.
Disclosure of subcontracted PII processing
Use of subcontractors to process PII should be disclosed to the cloud service customer.