according to Google the future is in the cloud – soon we all may have information about us are kept there, wherever "there" is. Organizations no longer have to store data, including personal data, on their own servers in their own premises; economies of scale combined with relatively straightforward technology means that if there is storage space for data I manage and treat over there, a place I can save it over there, use the space on a server that would otherwise be blank.
There is very simply as "the cloud" and enable. It is not (yet) any server, we can use to store our data, but any server that has been opened for us, having a computing cloud agreement. And cost saving, inevitably, is very attractive to the company if the data storage needs exceed its ability or willingness to invest in ever-increasing data storage for single use.
The security implications of data have been a cause for concern in the European Union, which is involved in regulating the way our private information is handled. Data protection law requires companies to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction and damage. In addition, personal data must not be transferred outside the European economic area unless it goes to a country that has the rights and freedoms of individuals in relation to the way it is processed and stored sufficient protection.
The cloud challenge is that these simple statements are out of date. I don't know actually, where I store data in the cloud. I know is when I need it, it is available to me. It will be saved somewhere out there where storage is cheap, or where there is storage space available. I could make this scenario more complex – I collect data in the United Kingdom, save it in Portugal and share it with my Danish subsidiary. Or add layers of complexity – I save it (let us believe applied,) it turns out, partially in Egypt, through my Cloud storage vendor.
And as a data subject (the person about whom the data relates), while I may have some legal redress, if data about me delicious, I really want to know is that when I give it to them to look, you do not want to scatter to the corners of the world for all to see. Enterprises face a number of potentially conflicting pressures: to reduce costs and achieve the full benefits of technology on the one hand, and on the other hand, to ensure that personal data be stored safely and abide by the law.
Guidance produced by UK Information of the Commissioner Office last July warns that organizations use cloud-computing must give up control of the personal data they collect or postpone it for vulnerabilities that what would have been if it had been maintained in the United Kingdom. ICO guidance says there must be a written contract in place to require the provider of web-to-follow instructions from your organization uses it and have the same security in place. It says also, it is good practice to encrypt data before it is transferred to protect it from hackers.
European digital agenda Commissioner Neelie Kroes, has urged these building clouds include appropriate levels of data security in their services. At the same time, the EU is in the process of reviewing the General legal framework for the protection of personal data (with a view to proposing a new directive in the years) and are looking to release a cloud computing strategy in 2012. Where these issues country the next 12 months should determine how we legally handle data for the next decade. It is in the meantime, a moving target.
Adam Rose is a partner at Berwin Leighton Paisner and specialised in outsourcing and information technology issues
No comments:
Post a Comment