If offshore cloud compromises your data we’ll sue you, not them: Privacy commissioner
Organisations investing in off-shore cloud services could find themselves on the pointy end of legal action should the privacy of Australians be breached as a result, Victoria’s acting privacy commissioner has warned.
Laying out the government’s position on the legal status of cloud computing in a wide-ranging speech at the recent Evolve.Cloud conference, Dr Anthony Bendall noted that concerns about the privacy-compromising potential of new technologies are nothing new, citing concern in the 1890s over the then-nascent field of photography.
Cloud computing has had a similar effect, with vendors’ and customers’ technological aspirations tempered by ongoing discussions about the legal and risk status of cloud-computing providers in relation to the personal data of Australians.
Many companies have already rushed into the cloud ignorant of privacy concerns, Bendall said. “I have seen the willingness of organisations to rush headlong into projects that promise to save tens of thousands of dollars and increase productivity, but without stepping back to consider obligations such as privacy,” he explained.
“My office has already been consulted on projects where the cloud is being used without deep analysis of the risks and benefits, or a full appreciation of the impact it might have on information privacy.”
Like similar organisations in other states and at the federal level, Bendall’s office has been working to help companies and government agencies clarify their privacy obligations, with cloud computing one of dozens of topics covered in detail in recently published information sheets.
The cloud computing information sheet spells out a definition of cloud computing and lists guidelines for use of both private and public clouds. And while they offer specific advice about cloud computing, Victoria’s state Information Privacy Principles are rooted in the nearly identical http://www.privacy.vic.gov.au/privacy/web2.nsf/pages/information-privacy-principles maintained by the Commonwealth Office of the Australian Information Commissioner.
“The promise of cheap storage, low-cost technical support and unlimited scalability are too tempting to resist, and the juggernaut appears to be impossible to stop,” Bendall said. “Yet while contemporary IT brings significant challenges to the field of privacy and data protection, these challenges aren’t insuperable. It’s entirely possible to use cloud computing in a way that does not compromise the privacy of individuals.”
That doesn’t mean they are easy, however: one of the major obligations on users of public cloud services, for example, is that organisations ensure those cloud services subscribe to privacy controls that are as stringent as those required by the organisation itself. The same goes for contractors that might have cause to access the cloud data — which the contracting organisation must ensure subscribe to equally rigorous privacy controls.
Bendall warned against haphazard de-identification of personal data, which has been floated as a way around privacy controls that would facilitate greater use of overseas public-cloud services.
Visit link: If offshore cloud compromises your data we’ll sue you, not them: Privacy commissioner
