Overview — Data protection aspects of cloud computing

The opportunities presented by cloud computing make this technology one of the most important IT developments in recent years, with both the private and public spheres increasing their uptake of cloud services. Workplace environment transformations, increased collaboration, shared or remote workspaces, and flexible work arrangements, have all encouraged the proliferation of cloud computing.

The Australian Signals Directorate (ASD), adopting the definition developed by the National Institute of Standards and Technology (NIST), defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (eg networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

But with increased opportunity there is also corresponding risk. The shift to cloud computing raises issues and risks regarding:

• • the collection;
• • storage; and
• • handling,

of personal information. Purchasers and consumers of cloud computing products and services must have a firm understanding of these issues and risks and their legal implications.

With that in mind, the purpose of this subtopic is to:

• • alert current and prospective cloud computing users to data security and contracting issues that may arise in connection with cloud computing;
• • provide an overview of the application of privacy and data protection laws to storing, processing and accessing information within a cloud environment;
• • highlight cross border data transfer and supply chain risks; and
• • outline some of the key data security standards relevant to cloud computing.