The CNIL makes recommendations on services digital safe box: shelf life, data protection, security measures ...
While the law or the courts have not yet had to deal with the case of services digital safe, the CNIL has addressed the issue.
At a time when the providers of these services (banks in particular) are more numerous, they will find useful "recommendations" and their future customers as requirements to prevail with them.
The Commission has made a number of recommendations about these offers secure storage space, used for hosting personal dematerialized documents (invoices, pay slips, ...).
The CNIL reminds that such a service must be before its implementation, a normal return to its services. However, the categories of data stored do not have to be mentioned.
Similarly, it recalls the time of transfer of stored outside of the European Union by the data provider, it must obtain prior authorization of services.
Regarding processed given the CNIL exclude that suppliers can offer to store health data, subject to a special legal regime, if they are not themselves authorized for this purpose.
Facilitating change of provider "without complex manipulation"
Turning to the shelf, it recommends that when a user wants to delete the documents from his personal space, this operation is "effective immediately." When saving data including these copies should not be kept for longer than a month.
Directed to service providers digital safe, the NDC believes they must agree about the sustainability of storage. Thus, "the closure of this type of service requires users to inform well in advance to allow them time to retrieve stored documents."
In this regard, providers must, she says, "making available at no extra cost, a tool that allows users to retrieve the entire contents of their safe so simple, without complex or repeated handling, and to facilitate change supplier. "
Finally, in the field of security, in particular it recommends that all transfers of information to and from a digital safe are encrypted when they are performed by a non-secure network.
No comments:
Post a Comment