EDMONTON, June 14, 2012 /CNW/ - Increasingly today, the word cloud is
almost as likely to be spoken in a conversation about computing as it
would in a discussion about the weather. New guidance issued by the
Privacy Commissioner of Canada, and the Information and Privacy
Commissioners of Alberta and British Columbia seeks to provide insight
for small- and medium-sized enterprises (SMEs) to help their
forecasting of potential benefits and risks posed by cloud-based
Cloud computing is the delivery of computing services over the Internet.
SMEs may be attracted to cloud services as they can significantly
reduce the cost and complexity of owning and operating computers and
networks. Businesses using a cloud service provider don't need to spend
money on information technology infrastructure, or buy hardware or
software licences. Cloud services can also enable a business to store
data offsite with the ability to access it over the Internet from the
office, home or virtually anywhere.
In essence, this is a form of outsourcing. Businesses need to remember
however that for any information they put in the cloud, the
responsibility to safeguard it to the level required by Canada's
private sector privacy laws remains firmly with them.
"In general, the smaller a business, the less likely it is to have the
budget to keep a dedicated, full-time Chief Privacy Officer on staff,"
said Privacy Commissioner of Canada, Jennifer Stoddart. "This guidance
is designed to help SMEs understand their responsibilities and how to
help safeguard their reputations when considering and using cloud
"Any business needs to take a long look at options that could lead to
cost savings and productivity improvements, but they need to consider
the full picture," said Alberta Information and Privacy Commissioner
Jill Clayton. "Our new guidance provides information on steps SMEs
intrigued by cloud services should take to understand their privacy
"Cloud services centralize vast amounts of a business's personal
customer and client information," said British Columbia Information and
Privacy Commissioner Elizabeth Denham. "This can create a heightened
risk of intrusion and data loss, so we urge SMEs to check with a
service provider to ensure security measures are sufficient to protect
The guidance includes key precautions and advice, such as:
Pay close attention to cloud service contracts. For example, might the
fine print allow for third-party disclosures of the information stored?
Are your customers aware that their information might be outsourced to
the cloud and do you have their consent?
Where in the world is the data stored and what law may apply? No matter
what, the business outsourcing the data is responsible for ensuring
it's protected to a level expected under Canadian privacy law.
The full guidance can be found on the web site of either: the Office of
the Privacy Commissioner of Canada www.priv.gc.ca; the Office of the Information and Privacy Commissioner of Alberta www.oipc.ab.ca; or the Office of the Information and Privacy Commissioner of British
SOURCE Office of the Privacy Commissioner of Canada
For further information:
For media inquiries, please contact:
Office of the Privacy Commissioner of Canada
Office of the Information and Privacy Commissioner of Alberta
Office of the Information and Privacy Commissioner of British Columbia