23 April 2015
Don’t put your head in the clouds when it comes to data protection
Most of us will be familiar with the term Cloud Technology, even if many of us really don’t know what it involves. The ability to store data in “the cloud” is big business but, as Simon Carroll, an associate in B P Collins’ litigation and dispute resolution team, explains, before you entrust your precious data it pays to ask a few questions first.
“More and more people and businesses are being encouraged to use cloud-based storage. Not only is it more cost and space effective than having servers in your office, but it enables you to synchronise information and access it from anywhere,” said Simon.
“While it might sound like a very simple solution, that data has to be stored somewhere and very often the ‘cloud’ is nothing more than rented storage space on a very large data farm, which can be overseas.”
Simon warns that storing data in overseas locations can leave your information vulnerable to the laws of that country. As an example, he cites an ongoing court case between the FBI and Microsoft over the latter’s refusal to automatically reveal information about a Hotmail account located outside the US.
Similarly, the Patriot Act allows the US authorities to seize any assets or information which could be seen as a threat to national security, something which could have unforeseen consequences for a UK business.
“If your information is being held on a server in the US which the US government decides to shut down because it needs to access data, then you have no way of controlling what happens next, which can potentially leave you and your business very exposed,” he said.
Although the UK’s Data Protection Act sets out obligations that data processors must adhere to, Simon says the law has been slow to keep up with the global explosion in data storage.
“The Information Commissioner’s Office has the power to prosecute people and companies if they don’t comply with data protection legislation. Although I think we will see more significant fines, there are a lot of practices which don’t really fall under the legal parameters of the Act, especially when it comes to transferring data overseas and the manner in which that data is processed,” he continued.
“People need to be aware that although it is sold as being a convenient solution, you cannot rely on the security of the cloud, as some businesses and celebrities have found out recently to their cost.”
Simon recommends asking your cloud provider the following questions before signing a service agreement:
• Where will your data physically be held
• Can you physically access your data if you need to
• Does your data access depend on a third party
“If you are confident that cloud storage really suits your business needs and you can satisfy yourself with the answers to these questions, then the cloud – if not the sky – could be the limit. But if you’re unsure, then it might be time to look for alternatives,” he concluded.