Feeds

Trust lawyers, not techies, when it comes to the cloud

Minefield of privacy and data laws - so tread carefully

Internet Security Threat Report 2014

CCWF2012 CIOs thinking of shifting to the cloud or kicking off a flagship big data project would be better off talking to their lawyers than their techies before starting to leaf through glossy corporate presentations.

Mark Webber, partner and head of technology at law firm Osborne Clarke, speaking at the Cloud Computing World Forum today, said that while the cloud and big data are the buzzwords du jour, CIOs' plans are still governed by UK and EU data law passed in the mid-1990s. Personal data will be covered by whatever "promises" were made at the time it was collected.

"Sometimes the simplification of technology can complicate the legal analysis and cause more legal problems than with a traditional solution," he said.

"In a few instances, where you can't change a solution, you might have to buy a different one."

Obvious issues were security and location of data, with most companies at least vaguely aware of the implications of moving data outside of the EU.

Less obvious was the fact that the more complex the "stack" – with the client's provider itself outsourcing elements such as database analysis – the more potential there was for breaching EU regulations, and bringing data under other, potentially contradictory data regimes.

Even more obscure, if only because of the inevitable affect of corporate amnesia, was the effect of original promises made to individuals when their data was collected.

This equally applied to big data applications, said Webber, where the corporate urge to mine data just to see what's there can conflict with assurances given to individuals at the time it was collected. A further layer of complexity is added when such mounds of data have been accumulated by successive company mergers and acquisitions over a course of years, all covered by different assurances on privacy.

Webber said the very nature of cloud services meant that customers could sign up, tap in a credit card number and start uploading data without ever contemplating what the corporate lawyers - if any - would say. When a cloud service appears as a £1,000-a-month credit card item, it's entirely possible it might never breach the threshold for being examined by lawyers.

Generally, he said, most hurdles could be overcome with transparency, and he said US vendors were becoming increasingly aware of "best practice" in the UK and Europe.

If there's any comfort for data managers who don't like to bring themselves to spend money on lawyers rather than tech, virtually none of this has actually been tested in court. Webber said most cases involving personal data have focused on data loss and breaches. ®

Security for virtualized datacentres

More from The Register

next story
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
The DRUGSTORES DON'T WORK, CVS makes IT WORSE ... for Apple Pay
Goog Wallet apparently also spurned in NFC lockdown
IBM, backing away from hardware? NEVER!
Don't be so sure, so-surers
Hey - who wants 4.8 TERABYTES almost AS FAST AS MEMORY?
China's Memblaze says they've got it in PCIe. Yow
Microsoft brings the CLOUD that GOES ON FOREVER
Sky's the limit with unrestricted space in the cloud
This time it's SO REAL: Overcoming the open-source orgasm myth with TODO
If the web giants need it to work, hey, maybe it'll work
'ANYTHING BUT STABLE' Netflix suffers BIG Europe-wide outage
Friday night LIVE? Nope. The only thing streaming are tears down my face
Google roolz! Nest buys Revolv, KILLS new sales of home hub
Take my temperature, I'm feeling a little bit dizzy
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.