Earlier in the year, I wrote a blog post titled “Is my data safe in the Cloud?”, where I explained that actually my personal data was safer in the cloud than it was on my own laptop - because there’s less chance of it disappearing (and through clever syncing using Windows Live Mesh, I ensured that I could have it both in the Cloud and on my laptop).
But when people ask “Is my data safe in the Cloud?”, they can often be thinking about another aspect - whether it’s safe from other organisations looking at it.
If you’re using a Microsoft Cloud-service, you can find out about our data security, privacy and compliance principles at the Microsoft Online Services Trust Centre.
The other aspect people are concerned about is whether governments can go dipping into the data to find out things. Specifically, people have often asked about the US Patriot Act, which they’ve assumed gives the US government the right to dig into data. It definitely doesn’t provide for routine access to data stored up in the cloud. Jeff Bullwinkel, Microsoft’s Associate General Counsel and Director of Legal & Corporate Affairs in Australia, wrote a blog post recently about the US Patriot Act and what it does (and doesn’t allow). It’s worth reading if you’d like to understand some of the background to the impact, but I’ve pulled out one key quote from his post, relating to data access in criminal cases:
The point Jeff concludes with is that there are common misunderstandings and confusion about data protection in the Cloud, and that when you’re considering what you might be doing with data in the Cloud, you need to carefully pick out the genuine issues from the mass of confusing opinions (often with no basis in fact) that bounce around.
Within education in Australia, there are more examples of Cloud-based services being used by staff and students. Sometimes it is individuals using them, and sometimes it’s big organisations. One of the things that often helps people to understand whether it is a possibility for their own projects is to do a side-by-side comparison of the data risk for their own system today, versus using a system in the cloud. That often leads to some surprising results!
Read Jeff's article about data in the Cloud, and the US Patriot Act
Thanks Ray. Excellent point that the law is a laggard to innovation and social attitudes. A clear risk review for each school should shed light on risk/practicality.