JiscMail Logo
Email discussion lists for the UK Education and Research communities

Help for DATA-PROTECTION Archives


DATA-PROTECTION Archives

DATA-PROTECTION Archives


data-protection@jiscmail.ac.uk


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Proportional Font

LISTSERV Archives

LISTSERV Archives

DATA-PROTECTION Home

DATA-PROTECTION Home

DATA-PROTECTION  May 2011

DATA-PROTECTION May 2011

Options

Subscribe or Unsubscribe

Subscribe or Unsubscribe

Log In

Log In

Get Password

Get Password

Subject:

Re: Cloud and safe harbors

From:

"Atkinson, Colin" <[log in to unmask]>

Reply-To:

Atkinson, Colin

Date:

Mon, 16 May 2011 13:58:26 +0100

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (154 lines)

See Section 5 of the ICO's Personal Information Online Code of Practice:  

http://www.ico.gov.uk/for_organisations/data_protection/topic_guides/online.aspx 

Regards,

Colin

______________________________________
Colin Atkinson
Director of Information Assurance Services
University of Leicester,
University Road, Leicester LE1 7RH,
Tel. 0116 229 7956,  Fax. 0116 229 7811,
mailto:[log in to unmask]

Elite Without Being Elitist

Times Higher Awards Winner 2007, 2008, 2009, 2010

Follow us on Twitter http://twitter.com/uniofleicsnews


-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Bailey, Trish
Sent: 16 May 2011 13:09
To: [log in to unmask]
Subject: Re: Cloud and safe harbors


Paul

I raised this issue with the ICO at a conference I attended beginning of last year and was told the ICO would be looking to issue some guidance around the cloud issues (I believe in conjunction with a commissioned piece of work a university up north (so can't remember the name) who were specifically researching the issues from a "information governance" approach (i.e. DPA, info security).  I have to admit I have neither seen the ICO guidance and/or the outcome of the research - if completed - its gone a bit "quiet".

Not sure whether anyone else on this list can shed some light on the above.

Many thanks 
Trish 
Trish-louise Bailey
Audit & Assurance (Information Governance)
(IG covers:  Data Protection & Privacy, FOI, Information Security, Information Sharing & Confidentiality, Information & Records Management, Information Quality & Assurance) 
Telford & Wrekin Council 
Civic Offices
Coach Central
Telford 
TF3 4HD
www.telford.gov.uk 

em:   [log in to unmask] or [log in to unmask] 
tel:    01952 382537
mb:   07528 969455


-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Paul Ticher
Sent: 16 May 2011 12:36
To: [log in to unmask]
Subject: Cloud and safe harbors

Is anyone aware of a piece of official (or even good unofficial) guidance on 
cloud computing and safe harbors [sic] from a Data Protection perspective?

More and more organisations are storing significant amounts of personal data 
on cloud services.  I know that government data is not allowed to be stored 
outside the EEA, and that as a result some providers (Salesforce, for 
example) have deliberately set up servers in Europe and guarantee that that 
data will not leave the jurisdiction.  Many others, however, do not give 
such a guarantee or (Google for instance) explicitly refuse to give one.

People say, "Ah, but that doesn't matter.  Google are signed up to Safe 
Harbors."  When you look at Google's entry in the Safe Harbors register, 
however, it only refers to the data that Google holds about its own 
customers, not the data stored by customers on Google's systems.

Let us assume that Google is a Data Processor in respect of data it stores 
on behalf of customers. (But I'm open to arguments on that.)

Google offers its services on a take-it-or-leave-it basis.  Although it 
gives security assurances, I am not convinced that its standard T&Cs cover 
all the requirements of our Data Protection Act, and the data is explicitly 
not covered by Safe Harbors.  In that case I don't see how anyone in the UK 
can use Google's cloud services for storing personal data and at the same 
time comply with the Act.

I use Google here as a prominent example, not to single them out as being 
particularly bad.

Am I tying myself in knots here?  Does anyone have an idiot's guide to Data 
Protection in the cloud, especially when the servers are (or may be) outside 
the EEA?


Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

--------------------------------------------------------------------------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed. If you have received this email in error 
please notify the originator of the message. 

Any views expressed in this message are those of the individual
sender, except where the sender specifies and with authority,
states them to be the views of Telford & Wrekin Council.

The content of this email has been automatically checked in 
conjunction with the relevant policies of Telford & Wrekin Council.


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Top of Message | Previous Page | Permalink

JISCMail Tools


RSS Feeds and Sharing


Advanced Options


Archives

April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
2006
2005
2004
2003
2002
2001
2000
1999
1998


WWW.JISCMAIL.AC.UK

Secured by F-Secure Anti-Virus CataList Email List Search Powered by the LISTSERV Email List Manager