No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.
Trending Questions

United States Data Privacy and Oracle Cloud Infrastructure

The United States currently does not have an overarching data privacy law. There are several sector-specific data privacy laws at the federal level, such as the Health Insurance Portability and Accountability Act (HIPAA), the Family Education Rights and Privacy Act (FERPA), and the Children’s Online Privacy Protection Act (COPPA). The FTC generally enforces data privacy when actions are found to be unfair or deceptive in commerce. Many state-level privacy regulations also exist.

Oracle does not have insight into whether the contents of the data its US customers choose to store in Oracle Cloud contain personal information, nor whether it is subject to US or any other data privacy regulations. The customer is primarily responsible for their own data privacy compliance.

Oracle Cloud Infrastructure data centers are located in the US for the convenience of our North American customers. See the list of cloud services offered at https://www.oracle.com/cloud/data-regions.html#northamerica

See Oracle Cloud Infrastructure Privacy Features (PDF) for an overall look at how its features may help customers comply with many universal data privacy principles, and where the responsibility may lie for adherence to these principles.

Security and Privacy

Data privacy assumes that good data security is in place. Any conversation about data privacy in the cloud cannot move forward unless a foundation of solid data security has been established. Oracle Cloud Infrastructure was built with the goal of hosting customers’ mission-critical applications and therefore offers world-class data security for its tenants. More details on security are explained in the Oracle Cloud Infrastructure Security white paper (PDF).

Shared Responsibility

Maintaining cloud security is a joint responsibility between the customer and Oracle. The division of responsibility is described here: https://docs.cloud.oracle.com/iaas/Content/Security/Concepts/security_overview.htm#SharedSecurityModel

Frameworks/Certifications

To give customers confidence in the data security that underlies our data privacy, Oracle Cloud Infrastructure has engaged independent auditors/assessors to perform audits against security standards such as ISO/IEC 27001:2013, Service Organization Controls SOC1 and SOC2, and PCI-DSS. See https://www.oracle.com/cloud/cloud-infrastructure-compliance/ for the Oracle Cloud compliance story.

Location Transparency

When the customer signs up for Oracle Cloud Infrastructure, they choose their home region. The customer’s data stays within that home region’s jurisdiction unless the customer affirmatively subscribes to other regions and takes steps to transfer data to those other regions. More on managing regions is found here: https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingregions.htm

Data Processing Agreement

The Data Processing Agreement for Oracle Services explains how personal data is handled in Oracle Cloud. It touches on these and other subjects:

  • Roles of controller and processor
  • Processing of customer instructions
  • Privacy inquiries by individuals
  • Third-party subprocessors
  • Cross-border data transfers
  • Audit rights
  • Incident management
  • Breach notification
  • Data deletion at service termination