Your search did not match any results.
We suggest you try the following to help find what you’re looking for:
The United States currently does not have an overarching data privacy law. There are several sector-specific data privacy laws at the federal level, such as the Health Insurance Portability and Accountability Act (HIPAA), the Family Education Rights and Privacy Act (FERPA), and the Children’s Online Privacy Protection Act (COPPA). The FTC generally enforces data privacy when actions are found to be unfair or deceptive in commerce. Many state-level privacy regulations also exist.
Oracle does not have insight into whether the contents of the data its US customers choose to store in Oracle Cloud contain personal information, nor whether it is subject to US or any other data privacy regulations. The customer is primarily responsible for their own data privacy compliance.
Oracle Cloud Infrastructure data centers are located in the US for the convenience of our North American customers. See the list of cloud services offered at https://www.oracle.com/cloud/data-regions.html#northamerica
See Oracle Cloud Infrastructure Privacy Features (PDF) for an overall look at how its features may help customers comply with many universal data privacy principles, and where the responsibility may lie for adherence to these principles.
Data privacy assumes that good data security is in place. Any conversation about data privacy in the cloud cannot move forward unless a foundation of solid data security has been established. Oracle Cloud Infrastructure was built with the goal of hosting customers’ mission-critical applications and therefore offers world-class data security for its tenants. More details on security are explained in the Oracle Cloud Infrastructure Security white paper (PDF).
Maintaining cloud security is a joint responsibility between the customer and Oracle. The division of responsibility is described here: https://docs.cloud.oracle.com/iaas/Content/Security/Concepts/security_overview.htm#SharedSecurityModel
To give customers confidence in the data security that underlies our data privacy, Oracle Cloud Infrastructure has engaged independent auditors/assessors to perform audits against security standards such as ISO/IEC 27001:2013, Service Organization Controls SOC1 and SOC2, and PCI-DSS. See https://www.oracle.com/cloud/cloud-infrastructure-compliance/ for the Oracle Cloud compliance story.
When the customer signs up for Oracle Cloud Infrastructure, they choose their home region. The customer’s data stays within that home region’s jurisdiction unless the customer affirmatively subscribes to other regions and takes steps to transfer data to those other regions. More on managing regions is found here: https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingregions.htm
The Data Processing Agreement for Oracle Services explains how personal data is handled in Oracle Cloud. It touches on these and other subjects: