Privacy policies will change by 2012, new research suggests

August 14, 2011

Recent security breaches have put a spotlight on companies’ privacy policies. According to new research from Gartner, at least half of the companies that host their clients’ data will be forced to update their privacy policies by the end of 2012 to appease their customers.

In addition to the security breaches, customers’ worries about where across the globe their data is being housed also play a role. Read Write Web says there is a “trend among cloud customers to request that their data only be housed in jurisdictions where law enforcement agencies would not be entitled to seek court-warranted access to them.”

But, Gartner Research Director Carsten Casper says instead of demanding your data be stored in a specific country, companies should tell their vendors where they don’t want their data stored.

“Don’t demand storage in a specific country for privacy purposes alone,” Casper was quoted on Read Write Web. “There are other cases when sensitive company information should not leave the country (for example, if there are export control or national security concerns), but in most cases – and usually under conditions – in-country storage is not mandatory for privacy compliance. In some cases, it will be sufficient to ensure that personal data will not be stored in a specific country that is known for its privacy violations.”

Gartner says, cloud computing is one of six areas that will be at the top of privacy officers’ agendas for the remainder of 2011 and 2012, in addition to data breaches, location-based services, offshoring, context-awareness and regulatory changes.


Combination of private, public cloud could allay security concerns

April 29, 2010

Today we continue our conversation with Andrew Greenway, the Global Program Lead for Cloud Computing at Accenture, about their recent white paper regarding the six questions you should be asking if you’re looking at the cloud.

Greenway begins by talking about one of the biggest concerns — and potential pitfalls: security.

AG: I think probably if you talk to anyone in government, or in any organization, to be honest, about cloud, one of the first concerns or risks that comes up is around data security and data privacy. There’s a feeling that — the data’s out there, I’m not quite sure where it is — and that makes people feel uncomfortable, naturally.

Our view is, the way that that’s going to be addressed within government in particular is that, for the foreseeable future, they will use a combination of a private cloud . . . [one] created just for the government and existing within their firewall within the country, and then they’ll also have access to the public cloud. I think they’ll be very careful in thinking through which applications and which data they’re comfortable running inside the private cloud, and which they feel they really can put out into the public cloud.

I think managing that interface and how those two types of clouds work together will be key into delivering the benefits that I think are there, while maintaining confidence around data security and data privacy.

A lot of the technology really is not new. It’s there. It’s been around for awhile. I think it’s just a case of pulling that together now and organizing it in a way that meets all of those requirements.

FCB: What are some first steps [to take] if one is interested in trying to move . . . to the cloud?

AG: The first thing that I think the organization or government needs to do is to think about what it wants to achieve — if there are any new processes or new applications of computing which they would like to do and which, in the past they haven’t been able to afford. [Those] are probably very good candidates to think about cloud straight away as a potential way to do that in a cost-effective fashion.

I would encourage organizations to think about that and start piloting things. We know, for example, that the U.S. Government has launched, which is starting to do exactly that. They have a number of applications now up on that site which government departments can now tap into. . . . The idea is that, over time, more and more applications will be added. I see that growing and continuing to develop.

I think each government department needs to look at its requirements, the systems it has and the applications it needs, figure out which ones are suitable for the cloud, whether there’s a good cost benefit for moving or building something new in the cloud, and then taking a step by step approach to doing that.

I think in order to be successful, they really need to think through how they’re going to organize, whether it makes sense to have the cloud program done at the federal level, or at the local government level, or a combination of the two. I think it’s important that those decisions are made early on — and that once you’ve made those decisions, you make sure that everyone keeps to the rules. . . .

You could start to get more customer-centric processes building up where, for example, when [someone] has to change his address, he would just change it in one place, and then that would automatically be replicated across all government departments. Cloud computing, over time, I think is going to start making those sorts of processes much more feasible than they have been in the past.

I think also there are going to be some opportunities to use cloud computing for very data-intensive processes. A good example that we’re seeing in a number of industries is around analyzing data. You’ve got banks and banks of data [and] it’s not cost-effective today to go through and analyze and look for disparity in the data or whatever. But cloud computing makes that cost-effective.

So, for governments, looking for cases of fraud or claiming benefits more than once or those sorts of things, it could be a very cost-effective, powerful tool that may well prove applicable for things like that.