Privacy (from Latin: privatus “separated from the rest, deprived of something, esp. office, participation in the government”, from privo “to deprive”) is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm. When something is private to a person, it usually means there is something within them that is considered inherently special or personally sensitive. The degree to which private information is exposed therefore depends on how the public will receive this information, which differs between places and over time. Privacy partially intersects security, including for instance the concepts of appropriate use, as well as protection of information. Privacy may also take the form of bodily integrity.
The right not to be subjected to unsanctioned invasion of privacy by the government, corporations or individuals is part of many countries’ privacy laws, and in some cases, constitutions. Almost all countries have laws which in some way limit privacy; an example of this would be law concerning taxation, which normally require the sharing of information about personal income or earnings. In some countries individual privacy may conflict with freedom of speech laws and some laws may require public disclosure of information which would be considered private in other countries and cultures. Privacy may be voluntarily sacrificed, normally in exchange for perceived benefits and very often with specific dangers and losses, although this is a very strategic view of human relationships. Academics who are economists, evolutionary theorists, and research psychologists describe revealing privacy as a ‘voluntary sacrifice’, for instance by willing participants in sweepstakes or competitions. In the business world, a person may volunteer personal details (often for advertising purposes) in order to gamble on winning a prize. Personal information which is voluntarily shared but subsequently stolen or misused can lead to identity theft.
Concerns in cloud computing as they relate to privacy and information security:
- Who has access to the information organizations are putting on these external cloud application and systems servers?
- How does an organization’s compliance posture for applicable laws, regulations, standards, contracts and policies change when business, and sometimes even customer and employee, information is stored in the clouds?
- How long does information put into the clouds stay in those clouds? Do the clouds have retention policies? Can information be permanently and completed removed from the clouds once it is put there?
- Are there any logs generated to show how that cloudy information is accessed, copied, modified and otherwise used?
Can all necessary information in clouds be easily retrieved during e-discovery activities? If so, what are the related costs involved?
Addressing all those issues after the fact is always exponentially harder than addressing them before new applications, systems and tools are already imbedded within the organization and already considered as being indispensable.
In some organizations it is likely that this is already be the case with cloud computing. If so, address the issues now before use progresses even more deeply within the business architecture.
If your organization is not yet using cloud computing, act now to prevent compliance issues from getting out of hand, and to save yourself some headaches.
Before the business commits to cloud computing services, it is good to consider the cloud computing vendor as much more than just a software provider; it realy is another type of business partner.
Businesses need to scrutinize the information security and privacy programs and practices of vendors and other business partners, and the cloud computing tools, applications and services should be viewed no differently.
If your business is entrusting critical processing and data to another entity, you should first ensure it is trustworthy, secure and will meet your organization’s compliance obligations.
It involves the following topics –
- Data Collection and sharing
- Legal and Regulatory Challenges