Can I use third-party cloud storage services that collect personal information in Iowa? What are the requirements?

Use of Third-Party Cloud Storage Services in Iowa

Based on the context documents provided, there are no specific requirements or regulations regarding the use of third-party cloud storage services that collect personal information in Iowa. However, licensees are required to exercise due diligence in the selection of third-party service providers and require them to implement appropriate measures to protect and secure nonpublic information that is accessible to or held by the licensee’s third-party service providers [IACO 507F.5].

It is important to note that any personal information collected by a third-party service provider must be protected and secured in accordance with Iowa’s laws and regulations. Additionally, licensees must comply with Iowa’s Driver’s Privacy Protection Act and Iowa Code section 321.11 when accessing records related to driver’s licenses, nonoperator’s identification cards, certificates of title, registration receipts, and registration renewal receipts [IACO 301.5].

If a licensee becomes aware of a cybersecurity event in an information system maintained by a third-party service provider, the licensee shall comply with section 507F.7, or the licensee may obtain a written certification from the third-party service provider that the provider is in compliance with section 507F.7. If the third-party provider fails to provide written certification to the licensee, the licensee shall comply with section 507F.7 [IACO 507F.9].

Therefore, if you plan to use a third-party cloud storage service that collects personal information, it is recommended that you exercise due diligence in selecting a provider and ensure that appropriate measures are in place to protect and secure the information.

Jurisdiction

Iowa

• Privacy