WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

UK Information Commissioner warns organizations on cloud computing

The UK Information Commissioner’s Office (ICO) has published cloud computing guidelines for businesses which underline that companies remain responsible for how personal data is looked after, even if they pass it to cloud network providers.

Advice in the guide includes:

  • Seek assurances on how your data will be kept safe. How secure is the cloud network, and what systems are in place to stop someone hacking in or disrupting your access to the data?
  • Think about the physical security of the cloud provider. Your data will be stored on a server in a data centre, which needs to have sufficient security in place.
  • Have a written contract in place with the cloud provider. This is a legal requirement, and means the cloud provider will not be able to change the terms of the service without your agreement.
  • Put a policy in place to make clear the expectations you have of the cloud provider. This is key where services are funded through adverts targeted at your customers: if they’re using personal data and you haven’t asked your customers’ permission, you’re breaking data protection law.
  • Don’t forget that transferring data internationally brings a number of obligations – that includes using cloud storage based abroad.

Speaking as the guide was launched, author Dr Simon Rice, ICO technology policy advisor, said: “The law on outsourcing data is very clear. As a business, you are responsible for keeping your data safe. You can outsource some of the processing of that data, as happens with cloud computing, but how that data is used and protected remains your responsibility.

“It would be naïve for an organization to take the attitude that these guidelines are too much effort to simply store some data in a different place. Where personal information is involved, the stakes are high and the ICO has already demonstrated it will act firmly against those who don’t meet data protection laws.”

Download the guide as a PDF.

•Date: 28th Sept 2012 • UK •Type: Article • Topic: Cloud computing

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.
   

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here