A digital safe is a secure, accessible storage on the internet and to keep
electronic documents in various formats. It is primarily intended for the
conservation of paperwork such as invoices, contracts or salary.
According to service providers and the desired storage space, it is usually
paid. The price may vary from one or two euros to 10 euros per month. But it
may be free for small storage spaces (1 Giga byte).
It is proposed by banks, insurers or independent enterprises. The contract
of opening is generally terminable at any time.
Most digital safes work by downloading of previously scanned documents.
Some vendors offer to automatically collect certain documents(invoices, and even salary slips) to issuers (EDF...) and to classify them.
It is sometimes also possible to set up an e-mail address dedicated to the
reception of these document types and linked to the trunk for the automatic
classification of these.
A sharing function exists sometimes allowing third parties authorized to
have access to certain documents of the safe.
In its
recommendation published in the Official Gazette of October 09, 2013, the CNIL
was held to clarify its position regarding digital safes. She believes that so-called digital safe services must ensure the integrity, availability and confidentiality of stored data. It makes several recommendations on security measures to be implemented, including:
was held to clarify its position regarding digital safes. She believes that so-called digital safe services must ensure the integrity, availability and confidentiality of stored data. It makes several recommendations on security measures to be implemented, including:
·
the service must be investigated before its implementation of a normal (and
not simplified) declaration with CNIL services, mentioning the categories of
data personal processed by the provider (identification of users and connection
data);
·
a digital safe is storage space is restricted to its single user and
persons that it mandates;
·
the content must be protected by technical measures making it
unintelligible to third parties not authorized;
·
the service provider must not be technically able to access the contents of
the trunk without the express consent of the user;
·
the user should be clearly informed of the type of space at his disposal
and the terms of use;
·
the deletion of a digital Vault document must be immediately taken into
account. Any backups do not need to be maintained more than a month.
·
sustainability of the storage must be ensured and savvy users sufficiently
in advance of any closure of the service. A simple data recovery system must be
put in place (so you can for example easily change provider).
0 commentaires:
Post a Comment