February 23, 2009

By Robert Gellman and Pam Dixon

Tips for consumers:

• Read the Terms of Service before placing any information in the cloud. If you don’t understand the Terms of Service, consider using a different cloud provider.
• Don’t put anything in the cloud you would not want the government or a private litigant to see.
• Pay close attention if the cloud provider reserves rights to use, disclose, or make public your information.
• Read the privacy policy before placing your information in the cloud. If you don’t understand the policy, consider using a different provider.
• When you remove your data from the cloud provider, does the cloud provider still retain rights to your information? If so, consider whether that makes a difference to you.

Will the cloud provider give advance notice of any change of terms in the terms of service or privacy policy?

Tips for business or government:

• Beware of “ad hoc” cloud computing. Any organization should have standardized rules in place telling employees when and if they may utilize cloud computing and for what data.
• Don’t put anything in the cloud you wouldn’t want a competitor, your government, or another government to see.
• Read the Terms of Service. Then read the Terms of Service again.
• Make sure that you are not violating any law or policy, by putting data in the cloud, and think twice before putting any consumer data in the cloud.
• Consult with your technical, security or corporate governance advisors about the advisability of putting data in the cloud.

For More Information on Cloud Computing:
See World Privacy Forum’s report on Cloud Computing, Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing <https://www.worldprivacyforum.org/2009/02/report-privacy-in-the-clouds/>.

For updates to the report, these tips, and other documents related to the report, see the World Privacy Forum’s Cloud Privacy page at: <https://www.worldprivacyforum.org/2011/11/resource-page-cloud-privacy/>.