WPF Report: Privacy in the Clouds
Risks to Privacy and Confidentiality from Cloud Computing
Risks to Privacy and Confidentiality from Cloud Computing
Cloud computing has significant implications for the privacy of personal information as well as for the confidentiality of business and governmental information. A principal goal of this analysis is to identify privacy and confidentiality issues that may be of interest or concern to cloud computing participants. While the storage of user data on remote servers is not new, current emphasis on and expansion of cloud computing warrants a more careful look at its actual and potential privacy and confidentiality consequences.
The United States has several privacy laws applicable to particular types of records or businesses. Some of these laws establish privacy standards that have bearing on a decision by a business to use a cloud provider. Others laws do not. Some laws specifically allow a business to share personal information with another company that provides support services to the business. Specific statutory references to the use of a service provider have no apparent pattern in privacy laws. Some privacy laws have them; some do not.
Even when no laws or obligations block the ability of a user to disclose information to a cloud provider, disclosure may still not be free of consequences. Information stored with a third party (including a cloud computing provider) may have fewer or weaker privacy protections than information in the possession of the creator of the information. Government agencies and private litigants may be able to obtain information from a third party more easily than from the creator of the information. The expanded ability of the government and others to obtain information from a third party affects both businesses and individuals.
Several other aspects of cloud computing affect privacy and confidentiality interests. The most important of these are the terms of service and privacy policy established by a cloud provider. The location of data, ownership of the cloud provider, use of transactional information, and other issues are considered here.