Blog

It appears like the regulatory heat is about to be turned up on cloud computing services.

Spurred by last years high profile outages amongst cloud computing finest services including Gmail, Windows Azure, and Salesforce.com, the FTC will hold a privacy roundtable Jan. 28th.  The FTC has decided this should be part of the public debate concerning its recommendations for the FCC’s upcoming broadband plan coming early this year.

The questions of reliability are being coupled with wider concerns from both business and consumers about cloud security.

David Vladek, director of the FTC’s Bureau of Consumer Protection, summed up the FTC’s aim in a letter to the FCC:

“the ability of cloud computing services to collect and centrally store increasing amounts of consumer data, combined with the ease with which such centrally stored data may be shared with others, create a risk that larger amounts of data may be used by entities in ways not originally intended or understood by consumers.”

He went further by adding that the FTC is “considering cloud computing and identity management as part of a broader initiative to re-examine various models to promote consumer privacy.”

The increasing scrutiny on cloud services has also begun to encapsulate their fundamental functionality especially regarding data governance.

Often as a matter of course a user’s data is moved around the cloud provider’s different servers around the world. This actually exposes the data to a wide variety of privacy and confidentiality risks due to national policies that themselves vary significantly depending on the cloud providers terms of service.

As adoption increases and the hype surrounding cloud services continues to grow the lag between innovation and regulation leaves more and more users dangerously exposed.  This is coupled with verbiage often giving complete indemnity to service providers in their various terms and conditions.

The FTC and other regulating bodies need to stop relying on industry privacy self-regulation and should instead issue a comprehensive set of Fair Information Principles as suggested by privacy experts.  Until the divide between innovation and regulation shrink business and individual users alike should get comfortable and closely read those terms and conditions.

—

About Iris Professional Services
Iris Professional Services is a computer consulting company operating offices in both Seattle and Portland. Businesses throughout the Pacific Northwest rely on our expert IT consultants for all their network IT support services.