Wednesday, February 25, 2009

Cloud Computing Privacy

As organizations and individuals make the move to cloud computing service such as storage, video, financial, social networks, the question of how to retain privacy becomes more important. Each site or system has a different privacy policy, different security architecture, and different potential risks. These can vary widely, and individuals and organizations each have concerns about how their data is stored, used, and made available.

The World Privacy Forum, has both an in depth report (PDF) and brief tips for consumers and business organizations. If your organization is considering using cloud based services, this is a great starter document to review, with details on the Electronic Communications Privacy Act, the PATRIOT act, HIPAA, the Fair Credit Reporting Act, and many other related laws, policies, and requirements that may affect your data and disclosure. It also discusses subpoenas, ownership, and even venue, making it the most complete cloud computing privacy overview that I've seen.

They suggest simple behaviors such as reading the terms of service, limiting what data you make available, and how the provider will use your information. With the recent outcry about Facebook's
Terms of Service change - and their subsequent change and clarifications, this is very much a current topic.

No comments: