The Information Commissioner’s Office (ICO) has issued guidance on cloud computing, warning that businesses need to remember that under British law they are responsible for whatever happens to their data.
The guidance includes advice on seeking assurances on data security in the cloud and assessing the physical security of cloud vendors’ data centres. It also recommends ensuring companies secure proper service level agreements (SLAs) from providers.
“The law on outsourcing data is very clear. As a business, you are responsible for keeping your data safe. You can outsource some of the processing of that data, as happens with cloud computing, but how that data is used and protected remains your responsibility,” said Dr Simon Rice, ICO technology policy advisor.
“It would be naïve for an organisation to take the attitude that these guidelines are too much effort to simply store some data in a different place. Where personal information is involved, the stakes are high and the ICO has already demonstrated it will act firmly against those who don’t meet data protection laws.
“Figures show that consumers are concerned about how secure their data is when they use cloud storage themselves. It takes little imagination to consider that businesses not reflecting those concerns will quickly find themselves losing customers’ good will.”
The ICO has severely punished a number of firms for not taking care of data when outsourcing operations. The Scottish Borders Council was handed a £250,000 fine after the ICO said it had failed to properly manage a company it had employed to digitise pension records. The council is considering an appeal, however.
The Brighton and Sussex University Hospitals NHS Trust is appealing a £325,000 penalty it was handed after an issue with an outsourcer. The Trust had employed an “experienced NHS IT service provider” – Sussex Health Informatics Service (HIS) – to dispose of a number of redundant hard drives, some of which were placed on eBay even though they had a significant amount of personal data on them.
Are you a security guru? Try our quiz!
US judge sentences Binance founder, Changpeng Zhao, to four months in prison for ignoring money…
Rights group argues ChatGPT tendency to generate false information on individuals violates GDPR data protection…
European Commission says Apple's iPadOS is 'gatekeeper' due to large number of businesses 'locked in'…
As the cloud continues to be an essential asset for all businesses, developing and maintaining…
Internatinal conference in Vienna calls for controls on AI-powered autonomous weapons to ensure humans remain…
US highway safety agency opens formal investigation into Ford BlueCruise following two fatal crashes in…
View Comments
One advantage of using a proper cloud provider is that the clustered storage systems do not have any readable information on an individual disk because of the way the data is stripped across machines and disks.
Which means that even if their accredited secure disposal fails to wipe disks properly. It will not be possible to recover the data with out the rest of the disk set which will be spread over multiple machines and arrays.
PS This has happened a number of years ago on a much larger scale and the provider had to buy and trace all the disks through ebay to recover them.
PSS Teh proverd in question now has a destruction process.
Last line was off the screen sorry about the typos.