European companies using the cloud are potentially contravening data protection laws in the UK and Europe.
An investigation by Future Intelligence into the legal position of data stored in the cloud has found that many companies are running the risk of prosecution.
Legal experts contacted by Fi, say in its current form that the cloud technology system worth £14.4 Bn globally to the technology companies promoting it, puts companies trusting personal data in breach of data protection legislation.
“As it stands the cloud doesn’t comply with data protection,“ said Susan Hall, partner in the Technology, Trade and Media unit at the Manchester-based national legal practice Cobbetts.
“People go into the cloud for economies of scale and the very factors that lead to those economies of scale are the exact same factors that are likely to lead to the information that they store via the cloud being less well protected and less compliant with the data protection regime.”
Hall is not alone, every legal expert contacted by Fi confirmed that any company trusting its data to the cloud has virtually no protection against potential prosecution because cloud providers can neither guarantee that their cloud technology complies with existing EU data protection regulations nor will offer contracts indemnifying their clients in the event of any data loss.
A spokesman for the UK Information Commissioner’s Office confirmed that there were issues with the cloud.
“The legal experts are quite right. If you have an agreement with a cloud service provider it doesn’t absolve a company of its responsibilities under the Data Protection Act, which requires them to have adequate measures in place to protect the data that they control,” said the spokesman, adding that the European Council’s Article 29 Working Party on data protection is due to report on the issue later this month,
The main reason for this is because the cloud works by allowing companies to house their data on computers that are continually moving the location of that data which can put those companies in breach of data protection legislation and leave them open to fines of up £500,000 that could rise to 2% of global turnover if new penalties being proposed by the EU are adopted.
The risks posed by this have been stressed in the US by the American National Institute of Science and Technology which became so concerned about the issue that it wrote a paper trying to provide clarification and warned : “Clouds have the potential to aggregate an unprecedented quantity and variety of customer data in cloud data centres. This potential vulnerability requires a high degree of confidence and transparency that cloud providers can keep customer data isolated and protected.”
A detail confirmed by Professor Fred Cate, a highly respected data protection and legal expert, who advises the US Department of Homeland Security and the Defense Advanced Research Projects Agency.
According to Cate guaranteeing that copies of data are not left behind in the cloud is incredibly difficult because of the nature of internet technology.
While according to Kathryn Wynn, a data protection expert for the international law firm Pinsent Masons, the current situation means that companies using the cloud face the prospect of being legally liable for data that they have little effective control over.
“The problem is that the Data Protection Act does not really command any mechanism to allow organisations to ensure that its cloud arrangements are compliant. At the moment they can end up in a situation where they are technologically compliant but what matters is how secure its data is and they cannot guarantee that.”
The issue for companies wanting to use the cloud is that under the terms of the Data Protection legislation that they are liable for the data that they have collected and have a duty of care to make sure that they know what is done with it, including being sure that they know it has been destroyed.
A level of detail that cloud computing is hard pushed to be able to deliver as it is only able to offer cheap computing by allowing companies to share computer resources and the technology actually moves data around within computer centres and between computer centres in different parts of the world.
This is an extract from an article published by Future Intellegence
to read full article click here
“Origin Storage has always believed that Cloud will play a huge role within computing as a whole, but from a stand point of where your sensitive data should be kept, we believe it should always stay under your protection.
This why Origin Storage has always handpicked specific products that keep the customer 100% in control, and have complete transparency in managing all encrypted devices, whether being SED’s (Self-Encrypted Drives), Encrypted Drive SSD or DataLocker for encryption on the move.
With customer control and transparency in mind , Origin Storage has recently signed a distribution agreement with Wave Systems Corp to distribute their Encryption management software, utilising the TPM Chip (Trusted Platform Module), which is already installed on over half a billion systems worldwide, the software which includes Bitlocker management, EMBASSY Remote Administration software, as well as Safend Data Protection Suite for all your end points.
For full details of Wave Systems software please click Here