Data Protection act implications of subscribing to cloud computing
Global Secure Systems (GSS) (published 09/10/2008)
With an increase in data storage service offerings “in the cloud” by large corporates such as IBM and Google, companies are being warned of the possible adverse affects regarding compliance with the UK Data Protection Act.
Global Secure Systems (GSS) is urging companies to review their IT security arrangements before jumping - even on a trial basis - into the world of Cloud Computing.
'Several vendors, notably Amazon, Google and Oracle, have launched their Cloud Computing offerings in recent weeks, and now IBM has entered the fray with its Bluehouse Web-based service, which is on active trial via the firm's Web site,' said David Hobson, GSS' managing director.
'As we've said before, however, the provisions of the Data Protection Act mandate that companies must clearly state to their customers where they plan to store their data, and how they will use it. The legislation also effectively means that companies must store their data within the European Union,' he added.
According to Hobson, the problem with Cloud Computing - good though the concept of mobile and anytime, anywhere access to corporate data is - is that by effectively outsourcing the storage of data to a third-party company like Amazon or IBM, company data could end up being stored almost anywhere in the world.
And, he said, the chances of this are quite high, as Cloud Computing service vendors need to replicate the data around the world to maintain their own disaster recovery and data backup plans.
'Our caution here at GSS doesn't reflect on the integrity of these new Cloud Computing services in any way. It merely reflects the fact that corporate governance rules and, of course, data protection legislation needs to play catch-up with the real world,' he explained.
