Making the right choices in cloud computing – new Privacy Commissioner guidance
12 February 2013
The Privacy Commissioner today released guidance material for small to medium sized businesses (SMEs), to help them protect personal information when using cloud computing.
“Businesses today are increasingly turning to cloud computing, but many are flying blind with the range of options, providers and risks. Shifting to the cloud can often make really good sense. But responsible businesses will always want to be sure that their client and staff information will be safe. We saw a gap in the guidance that was available,” Privacy Commissioner Marie Shroff said today.
“The reality is you’re still responsible for what happens to your customers’ information in the cloud. You are going to be the one answering the questions about what went wrong if there’s a privacy breach. A loss of customer trust will directly hit a business’ bottom line, so a lot of SMEs are nervous about using the cloud. But sometimes they’re too nervous - the risks may be easier to manage than they think.
“Deciding whether to move to the cloud is a business decision that depends on a variety of factors – but businesses don’t necessarily have time to put together a checklist for themselves. So we've developed some guidance, including a list that sets out the most important questions for SMEs to think about, and ask prospective cloud providers about.”
Some questions to ask providers are:
types of information
Developing the guidance
“We started by talking to some NZ businesses and government agencies to see how they were using the cloud, and work out where the information gaps might be. We've also consulted those businesses and agencies in developing the guidance. We welcome feedback to help us ensure that the guidance remains up to date and useable throughout the business and government community,” Marie Shroff said.
The Commission's guidance on SME and cloud computing can be found here (WARNING: PDF)