Cloud Computing is becoming more commonplace in business and even if we are not aware of it we have almost certainly benefited from this technology. In theory (and hopefully in practice) Cloud Computing is something that is really important for businesses because it makes things a lot easier and more cost-effective; it means not having to install software and data on every PC. There are undoubtedly many advantages to Cloud Computing but there are also some concerns associated with it as well – in particular as regards to data security.
The Risks Associated with Cloud Computing
The way that Cloud Computing works means that data can be spread over a very large geographic area; often across different countries. In a lot of situations the data held will be private and could include such things as personal details and possibly even credit card details. The fact that a lot of this data is so sensitive means that it is covered by laws in different countries. In the UK and the rest of the European Union there are data protection laws that are applicable to the storage of data using Cloud Computing.
There are particular aspects of data protection law in the UK and EU that are particularly worth mentioning in regards to Cloud Computing and these include:
• Laws pertaining to the international transfer of personal data
• The obligation of a business to take responsibility for any personal data they have access to.
• Expectations in regards to the security measures that any business will be expected to take.
• Regulations in regards to how a third party will be allowed access to this data
In the UK the main governing legislation is the Data Protection Act 1998.
Not only is a business expected to abide by the rules as they pertain to data protection but failure to do this could lead to harsh financial penalties.
What the Data Protection Laws Mean for Businesses Using Cloud Computing
The law in regards to data protection does obligate a business using Cloud Computing to share data. The main concerns will be how the information is stored and the relationship between the business and the entity providing Cloud Computing services. The first concern in regards to where the data is stored can be problematic for those using Cloud Computing; the fact is that the data can be stored anywhere in the Cloud and even the person managing won’t usually know where each piece of data is at any given moment. If the information ends up outside the jurisdiction of the EU then this could lead to problems, because according to the law any data can only be stored in those countries where security is assured. This means then that a business using Cloud Computing will need to ensure that their data can only end up in parts of the world where it can be kept secure.
The other concern is the relationship between the business using Cloud Computing services and the person providing these services. It is up to the business owner to ensure that the other party does not misuse the data in any way as they should remain the Controller of the data. The person providing Cloud services should only dealing with the data as instructed by the person who is controlling the data (the business responsible for it). In order to ensure that things occur as they should there needs to be a contract between the two parties which stipulates the legal expectations for both sides. It is vital that the service provider is already working in accordance with data protection policy and implementing the needed procedures. Although the provider of the Cloud Computing service has obligations to protect data the ultimate responsibility still lies with the company who is using this service. This means that a company is considering using a Cloud Computing service they will need to ensure that all legalities are being met.
Some Final Thoughts on Cloud Computing and Data Protection
Cloud Computing is a practical and cost-effective solution for businesses. There are data protection responsibilities that must be taken seriously, but so long as the Cloud Computing provider is reputable and the contract meets legal requirements there should be no real problems.