As a cloud service provider (CSP), Huawei provides customers with various cloud services, such as infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). Implementing privacy and security in the complex cloud service environment requires the joint efforts of customers and Huawei Cloud. Privacy protection poses clear requirements for enterprises. In this article, we will introduce customers’ privacy protection responsibilities and obligations in using cloud services based on the following responsibility model and how Huawei Cloud helps customers implement privacy and security.
As shown in this figure, Huawei Cloud is responsible for the security and compliance of cloud services and provides customers with privacy features required for data processing, storage, and transfer. Regarding content data[1], customers have all the rights and obligations, including privacy protection obligations. Customers shall develop security and privacy protection policies and measures to ensure personal data[2] security and guarantee the rights of data subjects[3] and the compliance of activities.
This model helps customers understand the privacy protection responsibilities and obligations of Huawei and customers. It also helps customers identify their personal data and develop appropriate personal data protection policies to better protect privacy.
HUAWEI CLOUD Responsibilities
As a CSP, Huawei Cloud provides a cloud platform consisting of the infrastructure, platform, and application layers, and is responsible for the security of the cloud infrastructure, such as the physical environment, hardware and software, compute, network, database, storage, platform layer, and application layer. The activities and cloud services of Huawei Cloud comply with applicable privacy protection laws and regulations, providing customers with a stable, secure cloud environment that facilitates privacy protection.
Huawei Cloud provides a range of privacy protection technologies for customers, including access control and identity authentication, data encryption, log and audit, and related privacy enhancing technologies (PETs). It also provides various cloud services by using these technologies, thereby helping customers protect privacy based on business requirements. Huawei Cloud has developed a comprehensive privacy protection system and multi-dimensional management and control mechanisms for privacy protection to fulfill its responsibilities.
Customer Responsibilities
Customers have full control over their content data. They shall correctly and comprehensively identify personal data on the cloud, select appropriate services, and develop security and privacy protection policies to protect personal data security. Customers shall also properly configure OS, network, security, database encryption policies, access control policies, and password policies based on business and privacy protection requirements.
Customers can use multiple privacy protection services provided by Huawei Cloud, for example, use data identification technologies to identify and classify data, use access control services to set minimum permissions for personal data and assign permissions on demand, and encrypt personal data to protect them during storage and transfer.
Customers shall guarantee the rights of its data subjects and respond to data subjects’ requests. If a personal data breach occurs, customers shall notify the data subject and take corresponding measures. Customers can use multiple privacy protection services provided by Huawei Cloud, for example, use the logging function to retain the operation records of personal data and ensure data subjects’ right to know. Customers shall ensure that personal data processing complies with applicable privacy protection laws and regulations. To help customers implement comprehensive privacy compliance, Huawei Cloud provides multiple privacy protection services and compliance solutions.
Cyber security and privacy protection are the cornerstones for the development of the digital and intelligent world. Huawei Cloud will continue implementing the privacy protection vision and objectives in privacy protection practices to provide customers with secure, reliable cloud services to protect personal data. Huawei Cloud embraces new technologies and collaborates with partners, continuously improving security and privacy protection services and capabilities. Huawei Cloud helps customers create value, meanwhile working with customers to protect personal privacy on the cloud.
[1] Content data refers to data stored or processed during the use of Huawei Cloud services, including but not limited to documents, software, images, and audio and video files.
[2] Personal data or personal information refers to any information related to an identified or identifiable natural person (“Data Subject”) who can be identified, directly or indirectly, in particular by reference to an identifier. Example: email address, telephone number, biometric information (such as a fingerprint), location data, IP address, health care information, religious belief, social security number, and marital status.
[3] Rights of data subjects include but are not limited to the right to know, right of access, right to data portability, and right to erasure (right to be forgotten).