Feeds

Trust lawyers, not techies, when it comes to the cloud

Minefield of privacy and data laws - so tread carefully

Top three mobile application threats

CCWF2012 CIOs thinking of shifting to the cloud or kicking off a flagship big data project would be better off talking to their lawyers than their techies before starting to leaf through glossy corporate presentations.

Mark Webber, partner and head of technology at law firm Osborne Clarke, speaking at the Cloud Computing World Forum today, said that while the cloud and big data are the buzzwords du jour, CIOs' plans are still governed by UK and EU data law passed in the mid-1990s. Personal data will be covered by whatever "promises" were made at the time it was collected.

"Sometimes the simplification of technology can complicate the legal analysis and cause more legal problems than with a traditional solution," he said.

"In a few instances, where you can't change a solution, you might have to buy a different one."

Obvious issues were security and location of data, with most companies at least vaguely aware of the implications of moving data outside of the EU.

Less obvious was the fact that the more complex the "stack" – with the client's provider itself outsourcing elements such as database analysis – the more potential there was for breaching EU regulations, and bringing data under other, potentially contradictory data regimes.

Even more obscure, if only because of the inevitable affect of corporate amnesia, was the effect of original promises made to individuals when their data was collected.

This equally applied to big data applications, said Webber, where the corporate urge to mine data just to see what's there can conflict with assurances given to individuals at the time it was collected. A further layer of complexity is added when such mounds of data have been accumulated by successive company mergers and acquisitions over a course of years, all covered by different assurances on privacy.

Webber said the very nature of cloud services meant that customers could sign up, tap in a credit card number and start uploading data without ever contemplating what the corporate lawyers - if any - would say. When a cloud service appears as a £1,000-a-month credit card item, it's entirely possible it might never breach the threshold for being examined by lawyers.

Generally, he said, most hurdles could be overcome with transparency, and he said US vendors were becoming increasingly aware of "best practice" in the UK and Europe.

If there's any comfort for data managers who don't like to bring themselves to spend money on lawyers rather than tech, virtually none of this has actually been tested in court. Webber said most cases involving personal data have focused on data loss and breaches. ®

High performance access to file storage

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.