Businesses looking to embrace cloud computing should consider the potential risks before taking the plunge. And to help them do that, a group of government agencies has released a guidance paper called "Cloud Computing for Small and Medium-sized Enterprises: Privacy Responsibilities and Considerations".
Cloud services can reduce the cost and complexity of information technology infrastructure for small businesses. But the Privacy Commissioner of Canada and the Information and Privacy Commissioners of Alberta and British Columbia say businesses need to remember they have a responsibility to safeguard any information they put in the cloud, such as customer data.
"Cloud services centralize vast amounts of a business's personal customer and client information," says British Columbia information and privacy commissioner Elizabeth Denham. "This can create a heightened risk of intrusion and data loss, so we urge SMEs to check with their service providers to ensure security measures are sufficient to protect sensitive data."
The guidance paper includes precautions and advice, such as:
- Pay close attention to cloud service contracts; the fine print might allow for third-party disclosures of the information stored.
- Are your customers aware that their information might be outsourced to the cloud? And do you have their consent?
- Where in the world is the data stored and what laws may apply? No matter where the data is stored, however, the business outsourcing the data is responsible for ensuring it is protected to a level expected under Canadian privacy law.