Talk of cloud computing is everywhere. The dust is settling on many issues surrounding this new way of managing your data. Concerns about privacy have permeated every business decision, and the implications of where your data resides will make managing privacy more difficult.
We were concerned about the implications of the Patriot Bill in the U.S. and where the websites of clients were being hosted. However, there are some Canadian laws just as worrisome. With cloud computing, the debate is no longer confined to Canadian or the U.S.; your data could be anywhere and everywhere.
While only some provinces have laws regulating how personal information can be exported from Canada, as Vawn Himmelsbach writes in his article “Clouds in Canada: The Legal Issues”, organizations are still bound by expectations of reasonable security of this data. The EU has stringent laws governing the export of data across borders and this can conflict with the laws in the country of the owner of the data.
With cloud computing, the big issue may not be the security of your data, but navigating the privacy laws in the countries where your data resides when laws may be tighter (or more relaxed) than where your corporate governance is determined. As David Fraser points out in this article, doing your due diligence about the how the cloud service fits your privacy requirements can very difficult.
Source: “Clouds in Canada: the Legal Issues”, CIO Canada, May 2011, vol. 19, no. 4