What can users do?

Companies and individuals who have or are considering moving to the cloud should take certain precautions to address privacy and security concerns.

For Businesses...

  • Form a service level agreement (SLA) with cloud computing service provider to store data in the continental United States to eliminate potential privacy and security issues related to foreign government officials potentially gaining access to sensitive data.
  • Request cloud computing service provider to segregate company’s data from other customers’/companies’ data
  • Encrypt data and limit access to decryption keys
  • Require background checks and security clearances for key employees
  • Address data breach liability
  • Limit the service provider’s right to process company’s data only for the purposes described in the contract
  • Involve all departments (e.g., IT, legal, information security, and all of the relevant business groups) when developing contracts with cloud computing services

In 2009, The World Privacy Forum made several recommendations concerning cloud computing which included the following for organization’s considering the use of cloud computing:

  • Read and understand the terms of service and the privacy policy before allowing any information to be placed in a cloud and determine whether the cloud provider will give advance notice of any changes in the terms of service or privacy policy.
  • Ensure that the cloud service provider gives adequate notice before complying with a subpoena to allow time to move to quash if necessary.
  • Be aware of any information indicating the cloud provider reserves the right to use, disclose, or publicize user information.

For Individuals...

Cloud Computing Privacy Tips for Consumers, Business, and Government: http://www.worldprivacyforum.org/pdf/WPF_Cloud_Tips_fs.pdf

Additional Resources on Cloud Computing Self-Regulation and Best Practices