While New Zealand privacy commissioner Marie Shroff is right when she warns small business owners they risk privacy breaches when using cloud computing, the problem is not just about moving data to remote datacentres.
As Shroff points out privacy laws apply whether a company stores information in its own computers or in a cloud datacentre in New Zealand or on the other side of the world. She reminds business owners they legal obligations and they need to keep their clients’ trust if they don’t want to lose customers.
Shroff’s comments come as her office releases a ten-step check-list and a downloadable PDF guide for companies using cloud computing. Both contain the same information. And although written for New Zealand companies, it is useful anywhere in the world.
The check-list advice is straightforward and puts matters in perspective. For example, it tells businesses that cloud computing isn’t necessarily riskier than storing information locally – especially if when data is kept on a poorly secured server.
And it makes clear where responsibility for cloud privacy lies:
All cloud services involve trusting someone else with your clients’ personal information to some extent. Your cloud provider might have some responsibility for handling the information safely – check the contract. But if you’re putting client information in the cloud, you’re still responsible for it. The buck stops with you. Period.