The world is increasingly digitalized and almost everything we do now contributes to personal data being stored or processed. Although many digital services can be convenient, they’re subject to new and evolving privacy laws. According to the United Nations Conference on Trade and Development (UNCTAD), approximately seventy percent of countries worldwide have already established data protection and privacy legislation. For cloud providers like Oracle, this means conforming to policies and practices, and providing features which help customers adhere to the privacy regulations applicable to their business.
What’s your role in data privacy?
In the context of data privacy regulations, in most cases, Oracle is a data processor, its customers are the data controllers, and their end users are the data subjects. As a processor, Oracle carries out the instructions of the data controller and has no direct relationship with the data subject. Oracle processes data at the customer’s discretion to provide cloud services.
Oracle Cloud Infrastructure (OCI) offers features and services that assist customers with implementing good privacy practices. For further information, see the OCI Privacy Features advisory, which discusses how the features and functionality of OCI can help you address some of the requirements that arise from data privacy regulations found across the world.
Oracle supports its customers’ data privacy needs
Oracle’s security-first approach emphasizes protecting the confidentiality, integrity, and availability of customer data. Oracle provides infrastructure-, platform-, and software-as-a-service (IaaS, PaaS, and SaaS) cloud services built for enterprise workloads, and Oracle’s data security practices help ensure that logical and physical security controls are implemented and tested across the full-stack of cloud services.
Cloud providers must offer customers features and services like encryption for data at rest and in transit, key management, and highly available storage solutions that are foundational to implementing their own privacy practices. With these key capabilities, administrative safeguards provided under the Data Processing Agreement for Oracle Services include provisions for cross-border data transfers, breach notifications, and the return and deletion of personal information to help OCI customers meet their data privacy obligations.
Available resources
-
To give customers the information they need to comply with data privacy principles, Oracle Product Service Feature Guidance documents are available by logging into MyOracleSupport.
-
The Oracle Services Privacy Policy provides transparency about Oracle’s overall approach to the handling of personal information our customers may bring into our services.
-
The Oracle Cloud Compliance site provides information about the regulatory frameworks for which Oracle has achieved a third-party attestation or certification and advisories containing technical recommendations for the use of cloud services.
Learn more
Oracle is committed to closely monitoring global data privacy regulations and trends and being transparent with customers about its policies and practices. Oracle continues to expand its portfolio of cloud services, features, and functionalities to allow customers to address privacy, security, and compliance requirements that today arise from global regulations.
For more information about Oracle’s data privacy practices, contact a representative.