Tuesday, 2 October 2012

Cloud computing – new ICO guidance

via Panopticon Blog by Anya Proops

Cloud computing is becoming an ever more pervasive feature of the technological world. Whether one is dabbling in social networking or purchasing goods online, the truth is that we all, to a greater or lesser extent, now have our heads in the virtual clouds. However, the use of cloud computing inevitably raises important information law issues, particularly in terms of the impact on privacy rights and also under the Data Protection Act 1998. So far as the DPA is concerned, issues which fall to be considered include:
  • who actually controls the data which is being processed via the cloud (i.e. who is liable under the DPA if things go wrong in data protection terms)
  • what steps a data controller may be required to take to safeguard against misuses of personal data within the cloud
  • the security implications of processing personal data through cloud computing and, in particular, whether the processing of data via the cloud is compliant with the seventh data protection principle
  • the legality of using clouds which operate transnationally and, hence, which may bring into play the application of the eighth data protection principle on cross-border data transfers
Importantly, the Information Commissioner has today [27 September] issued guidance which is designed to help organisations navigate their way through the potentially complex DPA issues which may arise in the context of cloud computing. You can find the guidance here.

Continue reading Anya’s post here

No comments: