Earlier in the year, I wrote a blog post titled “Is my data safe in the Cloud?”, where I explained that actually my personal data was safer in the cloud than it was on my own laptop – because there’s less chance of it disappearing (and through clever syncing using Windows Live Mesh, I ensured that I could have it both in the Cloud and on my laptop).
But when people ask “Is my data safe in the Cloud?”, they can often be thinking about another aspect – whether it’s safe from other organisations looking at it.
If you’re using a Microsoft Cloud-service, you can find out about our data security, privacy and compliance principles at the Microsoft Online Services Trust Centre.
The other aspect people are concerned about is whether governments can go dipping into the data to find out things. Specifically, people have often asked about the US Patriot Act, which they’ve assumed gives the US government the right to dig into data. It definitely doesn’t provide for routine access to data stored up in the cloud. Jeff Bullwinkel, Microsoft’s Associate General Counsel and Director of Legal & Corporate Affairs in Australia, wrote a blog post recently about the US Patriot Act and what it does (and doesn’t allow). It’s worth reading if you’d like to understand some of the background to the impact, but I’ve pulled out one key quote from his post, relating to data access in criminal cases:
|…Australia and the United States, like most countries around the world, cooperate closely in law enforcement matters. Under a longstanding bilateral mutual legal assistance treaty providing for law enforcement cooperation between Australia and the United States, either government can gain access to data located within the territory of the other.|
The point Jeff concludes with is that there are common misunderstandings and confusion about data protection in the Cloud, and that when you’re considering what you might be doing with data in the Cloud, you need to carefully pick out the genuine issues from the mass of confusing opinions (often with no basis in fact) that bounce around.
Within education in Australia, there are more examples of Cloud-based services being used by staff and students. Sometimes it is individuals using them, and sometimes it’s big organisations. One of the things that often helps people to understand whether it is a possibility for their own projects is to do a side-by-side comparison of the data risk for their own system today, versus using a system in the cloud. That often leads to some surprising results!