A couple of years ago we stopped staff downloading the Google Toolbar
and using the spellchecker as we understood (rightly or wrongly) that
the data was sent to a server in the US, checked and then returned,
showing any error.
Thanks
Brenda
Brenda Scourfield
Team Leader
I.T.
Pembrokeshire County Council
County Hall
Haverfordwest
SA61 1TP
01437 775380
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Marchini, Renzo
Sent: 16 May 2011 12:49
To: [log in to unmask]
Subject: Re: [data-protection] Cloud and safe harbors
I cover this issue in my book! www.tinyurl.com/cloud-law.
There is a shorter treatment of these issues in this months' Privacy Law
& Business if you subscribe to that journal (and should hit your desk
shortly).
(By the way, when I spoke to salesforce.com they told me that they do
not have a European data centre and all data is in California.)
Best
Renzo
Renzo Marchini
Dechert LLP
+44 (0) 20 7184 7563 direct
+44 (0) 20 7184 7001 fax
[log in to unmask]
www.dechert.com
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Paul Ticher
Sent: 16 May 2011 12:36
To: [log in to unmask]
Subject: [data-protection] Cloud and safe harbors
Is anyone aware of a piece of official (or even good unofficial)
guidance on
cloud computing and safe harbors [sic] from a Data Protection
perspective?
More and more organisations are storing significant amounts of personal
data
on cloud services. I know that government data is not allowed to be
stored
outside the EEA, and that as a result some providers (Salesforce, for
example) have deliberately set up servers in Europe and guarantee that
that
data will not leave the jurisdiction. Many others, however, do not give
such a guarantee or (Google for instance) explicitly refuse to give one.
People say, "Ah, but that doesn't matter. Google are signed up to Safe
Harbors." When you look at Google's entry in the Safe Harbors register,
however, it only refers to the data that Google holds about its own
customers, not the data stored by customers on Google's systems.
Let us assume that Google is a Data Processor in respect of data it
stores
on behalf of customers. (But I'm open to arguments on that.)
Google offers its services on a take-it-or-leave-it basis. Although it
gives security assurances, I am not convinced that its standard T&Cs
cover
all the requirements of our Data Protection Act, and the data is
explicitly
not covered by Safe Harbors. In that case I don't see how anyone in the
UK
can use Google's cloud services for storing personal data and at the
same
time comply with the Act.
I use Google here as a prominent example, not to single them out as
being
particularly bad.
Am I tying myself in knots here? Does anyone have an idiot's guide to
Data
Protection in the cloud, especially when the servers are (or may be)
outside
the EEA?
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This e-mail is from Dechert LLP, a law firm, and may contain
information that is confidential or privileged. If you are not the
intended recipient, please delete the e-mail and any attachments, and
notify the sender. Dechert LLP is a limited liability partnership
registered in England & Wales (Registered No. OC306029) and is regulated
by the Solicitors Regulation Authority. A list of names of the members
of Dechert LLP (who are solicitors or registered foreign lawyers) is
available for inspection at its registered office, 160 Queen Victoria
Street, London EC4V 4QQ.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**************************************************************************************************************
This document should only be read by those persons to whom it is addressed, and be used by them for its intended purpose; and must not otherwise be reproduced, copied, disseminated, disclosed, modified, distributed, published or actioned. If you have received this email in error, please notify us immediately by telephone on 01437 764551 and delete it from your computer immediately. This email address must not be passed on to any third party nor be used for any other purpose.
Pembrokeshire County Council Website - http://www.pembrokeshire.gov.uk
Please Note: Incoming and outgoing e-mail messages are routinely monitored for compliance with our IT Security, and Email/Internet Policy.
This signature also confirms that this email message has been swept for the presence of computer viruses and malicious code.
***************************************************************************************************************
Dim ond y sawl y mae'r ddogfen hon wedi'i chyfeirio atynt ddylai ei darllen, a'i defnyddio ganddynt ar gyfer ei dibenion bwriadedig; ac ni ddylid fel arall ei hatgynhyrchu, copio, lledaenu, datgelu, addasu, dosbarthu, cyhoeddi na'i rhoi ar waith chwaith. Os ydych chi wedi derbyn yr e-bost hwn trwy gamgymeriad, byddwch cystal a rhoi gwybod i ni ar unwaith trwy ffonio 01437 764551 a'i ddileu oddi ar eich cyfrifiadur ar unwaith. Ni ddylid rhoi'r cyfeiriad e-bost i unrhyw drydydd parti na'i ddefnyddio ar gyfer unrhyw ddiben arall chwaith.
Gwefan Cyngor Sir Penfro - http://www.pembrokeshire.gov.uk
Sylwer: Mae negeseuon e-bost sy’n cael eu hanfon a’u derbyn yn cael eu monitro’n rheolaidd ar gyfer cydymffurfio â’n Diogelwch TG, a’n Polisi E-bost/Rhyngrwyd.
Mae'r llofnod hwn hefyd yn cadarnhau bod y neges e-bost hon wedi cael ei harchwilio am fodolaeth firysau cyfrifiadurol a chod maleisus.
***************************************************************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|