Posts

Privacy Commissioner and the Cloud

The Privacy Commissioner is in the news:

The Privacy Commissioner of Canada announced today upcoming consultations with Canadians on privacy issues related to cloud computing practices.

“Businesses and individual Canadians are increasingly likely to make use of cloud computing technologies,”? said Privacy Commissioner Jennifer Stoddart. “And yet, they are often unaware that their activities could be affecting their own privacy. Our goal is to learn more about these issues, so that Canadians, in turn, can also become better informed.”?

Hard to imagine anyone on the Internet not making use of the cloud these days.

Burton Group defines Cloud Computing this way:

The set of disciplines, technologies, and business models used to deliver IT capabilities (software, platforms, hardware) as an on-demand, scalable, elastic service.

Cloud computing is characterized by five essential characteristics:

  • It uses shared infrastructure.
  • It provides on-demand self-service.
  • It is elastic and scalable.
  • It is priced by consumption.
  • It is dynamic and virtualized.

The Privacy Commissioner defines Cloud Computing this way:

Cloud computing typically refers to the provision of web-based services using hardware and software managed by third parties. The services, including online file storage, social networking sites, webmail and online business applications, are generally located on remote computers. They are available over network connections, regardless of the user”™s own location.

You can provide a response to The Privacy Commissioner on this subject by email but you will find this warning on their site:

As we cannot guarantee the security of electronic systems or e-mail, we do not recommend sending sensitive personal information electronically at this time.

Cloud Computing

I read an interesting white paper on Privacy In The Clouds. The paper was presented by Ann Cavoukian, the Information and Privacy Commissioner of Ontario.

She raises concerns about the use of third-parties to host data on the web and the need to adopt identity management.

From her paper:

Our digital footprints and shadows are being gathered together, bit by bit, megabyte by megabyte, terabyte by terabyte, into personas and profiles and avatars — virtual representations of us, in a hundred thousand simultaneous locations. These are used to provide us with extraordinary new services, new conveniences, new efficiencies, and benefits undreamt of by our parents and grandparents. At the same time, novel risks and threats are emerging from this digital cornucopia. Identity fraud and theft are the diseases of the Information Age, along with new forms of discrimination and social engineering made possible by the surfeit of data.