Cloud computing – data privacy and compliance

Often, when the cloud computing discussion takes off, especially in relation to public clouds, one recurring issue soon emerges: data privacy and responsibility. It seems clear that differing legislation on data privacy and, especially, on cross-border transfer of data is causing a lot of uncertainty and hesitancy among many IT managers considering cloud services. This applies especially to certain types of data, e.g. financial information, health records and personally identifiable information. The global distribution of data centers and the opaque nature of data location in many cloud services (e.g. do you actually know where your Google Apps information is physically stored?) complicate matters further. Compliance with local regulatory issues can be a thorny and sensitive issue, especially for organizations. Many questions arise concerning data privacy, accessibility and administration, such as:

  • Data seizure due to legal investigation – organizations need to adhere to local legislation
  • What is the accessibility of local authorities to data under investigation residing in a different jurisdiction
  • Fear of infringement of data protection rights due to seizure of a server in the host jurisdiction
  • Data losses caused by cloud provider and unauthorized disclosures in the cloud
  • The cloud provider goes bankrupt – what happens to my data

If an organization migrates data, applications or processes to a cloud provider in another jurisdiction, it is still fully responsible for that data and needs to comply with local data protection legislation and regulations when handling personal data. In a public cloud environment this can be difficult, as the organization is unlikely to know if and when data is moved, where and how it is stored and, sometimes, who has access to it and what particular security measures are in place. Therefore, it is quite possible that a dispute can arise about who is actually responsible for data protection compliance. Organizations need to be particularly careful when selecting a third-party cloud provider with this in mind and should in all circumstances require a written declaration describing how the provider will address compliance with local legislation and provide assurance in the event of data losses or unauthorized disclosures. Even better is to request SLAs and certifications of quality and operational control, e.g. equivalent to a SAS 70 Report – Type II (Statement on Auditing Standard 70).

5 Responses to “Cloud computing – data privacy and compliance”


  • This is the first time I have visited your site. I found a lot of interesting stuff in your blog. From the volume of comments on your articles, I guess I am not the only one! Keep up the impressive work.

  • Nice work, Bookmarking this now. We’ll see how it goes.

  • I love your website! Did you develop this yourself or did you outsource it? I'm seeking a blog style that's comparable, so that's the only cause I'm asking. Either way, keep up the nice work. I was impressed with your content, genuinely.

  • Hi. I wanted to thank you for the wonderful info you’ve posted on your website. I will definitely come back to check it out once again and have subscribed to your RSS feed. Have a great day.

  • Hi. I wanted to thank you for the great facts you’ve posted on your website. I will definitely come back to check it out once again and have subscribed to your RSS feed. Have an excellent day.
