Extract from ICO newsletter in december….
Last month one of our e-newsletter readers asked whether the ICO had produced guidance on the issue of cloud computing. In response we have included the following guidance taken from our publication ‘Personal Information Online – Code of Practice’ which includes a section on cloud computing, and can be seen here.
From a data protection point of view it is important to remember that organisations using these services might not store the personal data they are responsible for on their own equipment. Therefore they often can’t be certain where the personal data is being processed and by whom. Clearly, this raises compliance issues that those using internet-based computing need to address.
Organisations using an internet-based service must not relinquish control of the personal data they have collected, or expose it to security risks that would not have arisen had the data remained in their possession in the UK. To overcome this problem a written contract should be in place.
It is also good practice to encrypt the data before it is transferred to the online services company. This should render the data useless to any hackers and snoopers without the key, regardless of the jurisdiction it is in or who is processing it.
For more information about the Information Commissioner’s Office please visit our website at http://www.ico.gov.uk. Alternatively, you can find us on Twitter at http://www.twitter.com/ICOnews.