In its latest whitepaper “Cloud Adoption and Trends for 2012”, the Cloud Industry Forum reiterates that data security and data privacy remain the key concerns for businesses around cloud adoption. Coupled with this is the issue of where that data is held and, in particular, whether it’s held in the UK or at least within the EEA, the area recognised by the European Commission as having adequate data protection laws.
It may come as a surprise then, to learn that a senior lawyer in the UK was found to be in breach of the UK Data Protection Act. This isn’t the much criticised ACS:Law which saw the personal details of 6,000 computer users exposed after a hack attack. This was the theft of a laptop from Ruth Crawford QC’s house which contained information about the cases she was working on, including details relating to individuals' physical and mental health. The Information Commissioner warned that legal professionals hold some of the most sensitive information available and that it’s vital they take adequate data security measures. The Commissioner can issue fines of up to £500,000 for data protection breaches but Crawford escaped a fine as the breach took place before the fines came into force.
Time to encrypt and virtualise or let a cloud service provider fix the problem for you? And don't forget best practice recommendations in the cloud service provider contract.