Privacy commissioners call on small- and medium-sized businesses to look before they leap into the cloud
EDMONTON, June 14, 2012 – Increasingly today, the word cloud is almost as likely to be spoken in a conversation about computing as it would in a discussion about the weather. New guidance issued by the Privacy Commissioner of Canada, and the Information and Privacy Commissioners of Alberta and British Columbia seeks to provide insight for small- and medium-sized enterprises (SMEs) to help their forecasting of potential benefits and risks posed by cloud-based services.
Cloud computing is the delivery of computing services over the Internet. SMEs may be attracted to cloud services as they can significantly reduce the cost and complexity of owning and operating computers and networks. Businesses using a cloud service provider don’t need to spend money on information technology infrastructure, or buy hardware or software licenses. Cloud services can also enable a business to store data offsite with the ability to access it over the Internet from the office, home or virtually anywhere.
In essence, this is a form of outsourcing. Businesses need to remember however that for any information they put in the cloud, the responsibility to safeguard it to the level required by Canada’s private sector privacy laws remains firmly with them.
The guidance includes key precautions and advice, such as:
- Pay close attention to cloud service contracts. For example, might the fine print allow for third-party disclosures of the information stored?
- Are your customers aware that their information might be outsourced to the cloud and do you have their consent?
- Where in the world is the data stored and what law may apply? No matter what, the business outsourcing the data is responsible for ensuring it’s protected to a level expected under Canadian privacy law.
For more information see: OIPC website