Welcome to our new series dispelling some of the most common myths around data privacy and security in cloud computing solutions. This series will equip you with:
- a solid understanding of the pros and cons of cloud computing for privacy compliance;
- an increased ability to discuss challenges with customers and providers; and
- practical guidance for contracts between vendors and customers.
These days, it is hard to imagine a world without cloud computing. Businesses of any size and nature have embraced this business model whereby they buy the right to access and use enhanced software, computing power or data storage space on remote servers operated by external service providers. These “hosted solutions” (which we collectively refer to as “cloud computing” in this series) typically offer users additional functionality, storage or processing capacity without having to invest in equipment or software they would otherwise require.
While attractive and, by now, indispensable to businesses from an operational and financial point of view, cloud computing raises multiple concerns amongst data privacy and security advocates around the world. These mainly stem from the fact that, in cloud computing solutions, data is handed over to third parties and shared across geographical borders.
Common preconceptions include, for example, that cloud computing compromises data security, is inherently bad for privacy, violates local record retention requirements and confuses the respective roles of data controllers and data processors. While some of these concerns may be valid in certain scenarios, many of them do not hold up against a thorough analysis of the facts.
Myth 1: Cloud Computing Presents Fundamentally New and Unique Challenges for Data Privacy and Security Compliance.
Fact is that consumers and companies have been entrusting specialized service providers with personal data for a long time, including telecommunications companies, payment processors, accountants and various outsourcing service providers (e.g., payroll, call centers, and IT support). For nearly two decades, we have made the Internet an integral part of our information society and economy – and the Internet is founded on the principle of decentralized transfer of data across geographies, devices and connections. Even the very services and models that are currently hyped as ‘cloud computing’ have been promoted for 15 years or so by an up-and coming industry that initially referred to itself as ‘application service providers.’ Transferring data to service providers and remotely hosted solutions certainly creates challenges – but they are neither new nor unique.
Our next post is focused on dispelling myth number 2, that cloud computing involves more data sharing, and that is inherently bad for privacy.