Data Privacy - AWS Security Incident Response Guide

Data Privacy

We know customers care deeply about privacy and data security, and so we implement responsible and sophisticated technical and physical controls designed to prevent unauthorized access to or disclosure of customer content. Maintaining customer trust is an ongoing commitment. You can learn more about AWS data privacy commitments on our Data Privacy FAQ page.

These intentional, self-imposed controls limit the ability of AWS to assist in responding within a customer's environment. Because of this, focusing on understanding and building capabilities within the Shared Responsibility Model is key to success in the AWS Cloud. Although enabling logging and monitoring capabilities in your AWS accounts before an incident occurs is important, there are additional aspects to incident response that are imperative to a successful program.

California Consumer Data Privacy

The California Consumer Privacy Act of 2018 (CCPA) grants “consumer[s] various rights with regard to personal information relating to the consumer that is held by a business” that is subject to the CCPA. For information on AWS privacy and data security policies in relation to customers subject to CCPA, refer to the Preparing for the California Consumer Privacy Act whitepaper.

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a European privacy law (Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016) that became enforceable on May 25, 2018. The GDPR replaces the EU Data Protection Directive (Directive 95/46/EC) and is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each EU member state. For information on AWS compliance in relation to GDPR, refer to the Navigating GDPR Guidance on AWS whitepaper.