A company is moving its customer database to a public cloud provider. The database contains personally identifiable information (PII) of European Union citizens. Which legal framework imposes requirements on the cloud customer regarding data protection and privacy in this scenario?
- A. Sarbanes-Oxley Act (SOX)
  Why wrong: SOX addresses financial reporting and corporate governance of US-listed companies, not personal data protection.
- B. General Data Protection Regulation (GDPR)
  Correct: GDPR governs the processing of personal data of individuals in the EU, and its obligations follow the data regardless of where it is stored, so the cloud customer (as data controller) remains responsible for protecting this PII even when it is hosted by a public cloud provider.
- C. Health Insurance Portability and Accountability Act (HIPAA)
  Why wrong: HIPAA applies to protected health information (PHI) in the US, not to general PII of EU citizens.
- D. Payment Card Industry Data Security Standard (PCI DSS)
  Why wrong: PCI DSS is an industry standard (not a law) that applies to payment card data, not general PII.