PRIVACY, SECURITY, AND THE CLOUD
Cloud computing is a growing trend that is already more ubiquitous than you probably suspect. But relying on a third party for the safekeeping of your information raises privacy and security issues. And as more individuals and businesses move into the cloud, these issues become increasingly important. The purpose of this short article is to briefly introduce some of the issues you and your business will want to consider before moving into the cloud. In later articles, I’ll concentrate on specific issues and provide updates on current developments.
Simply defined, the “cloud” is electronic storage maintained by third parties called cloud service providers. Via the internet, users can upload their information to the cloud, store it there, and then access it from any internet connection. An authoritative and more technical definition was recently finalized by the National Institute of Standards and Technology.
Already, people rely on the cloud every day. Most people use cloud-based email such as Gmail or Yahoo Mail. These companies store their customers’ email messages on servers that are located in a central location, which their customers access through the internet. Many people also store documents in the cloud, or even back up their computer’s entire hard drive there. Facebook is another example of cloud computing: users of that service can access their profile, stored at Facebook’s facilities, from any computer connected to the internet.
Because cloud computing can be more efficient than the alternatives, businesses rely on the cloud as well. Instead of storing electronic records onsite on servers that are expensive to purchase and maintain, a company can store all of its records in the cloud. For other examples of how businesses are using the cloud to their advantage, see this Forbes.com article.
Before you or your business decides to move your information into the cloud, there are several key issues that you should consider:
Who owns your information once you upload it into the cloud? A cloud service provider’s terms of use should state who owns the information it stores. However, terms of use may be subject to change.
What rights does your provider have over your information?
What happens if you decide to terminate the relationship? Does the provider have any power to retain your records in case of a dispute?
Whose law governs the legal relationship between you, your information, and your provider? When your information is stored in a different physical location than you or your business, different states’ laws may apply. Indeed, international law may even apply.
Who will have access to the information? Electronically stored records are subject to an aging federal law that allows the government to obtain those records without a warrant. For more information on this aging law and efforts to update it, see this Wired.com article.
Businesses face unique issues in the cloud, and should consider these additional matters:
Would storing your customers’ records in the cloud violate any privacy laws? Medical records, for example, are subject to specific laws regulating confidentiality. It’s important to make sure that utilizing cloud storage won’t run afoul of any laws.
What is the cloud service provider’s data-retention policy? For several reasons, it is important to ensure that your own record-retention policies are in accord with your cloud service provider’s.
How secure is the information? A business that fails to ensure that its customers’ records are safe could face liability for a security breach, which, as this Financial Times article explains, can result in huge costs. Due diligence is required.
As cloud computing grows, the issues it raises will become more prevalent, important and varied. A move into the cloud should be informed by a careful consideration of the risks and issues that exist today and by an understanding that as technology advances, new risks and issues may arise tomorrow.