Cloud Legalities

I seem to meet a great deal of ignorance when it comes to the legal side of cloud computing, and this is rather worrying. Jason Bloomberg recently addressed some of these issues in his post, and indeed it has been mentioned elsewhere, but the potential threats and legal ramifications cannot be overstated.
One particular point that I believe gets very little attention is the process of moving customer data across borders. Part of the problem here is that, in Europe for example, the law is at best murky and at worst unfit for purpose when it comes to cross-border data transfer: it was written in a time when this sort of problem did not need to be considered. With the advent of cloud computing hitting the mainstream, data can - and typically will - jump across a country border faster than an Olympic sprinter and will do so without even a "by your leave". When an organisation trusts its data to the public cloud, unless it explicitly pays for a bespoke service, that data will reside on some server somewhere with no guarantee of where that server is. Certainly, the provider might say they host the data on the East Coast of the US (which is already outside of the European Union and has thus crossed the border for most), but can it be guaranteed that the data is not backed up somewhere else?
Of course, there are good reasons why the laws have not been firmed up and updated: the situation is incredibly complicated. For example, how should data be treated if it originates in a country with very stringent data protection laws but ends up in one with lax data protection laws and then has its protection violated in a way that would contravene the laws of the former but not the latter? There are many such gotchas that need to be addressed and then ratified in all countries to come up with a coherent plan - I don't see this happening any time soon.
For this reason, of course, most financial organisations will not use the public cloud at all, realising it is far too risky a proposition. The question thus becomes rather simple: how much risk do you want to take with your clients' data?
--
Image credit: jscreationzs


