the right choices in cloud computing – new Privacy Commissioner guidance
The Privacy Commissioner today released
guidance material for small to medium sized businesses (SMEs), to help them
protect personal information when using cloud computing.
“Businesses today are increasingly
turning to cloud computing, but many are flying blind with the range of
options, providers and risks. Shifting to the cloud can often make really good
sense. But responsible businesses will always want to be sure that their client
and staff information will be safe. We saw a gap in the guidance that was
available,” Privacy Commissioner Marie Shroff said today.
“The reality is you’re still responsible
for what happens to your customers’ information in the cloud. You are going to
be the one answering the questions about what went wrong if there’s a privacy
breach. A loss of customer trust will directly hit a business’ bottom line, so
a lot of SMEs are nervous about using the cloud. But sometimes they’re
too nervous – the risks may be easier to manage than they think.
“Deciding whether to move to the cloud is a
business decision that depends on a variety of factors – but businesses don’t
necessarily have time to put together a checklist for themselves. So we’ve developed some guidance, including a list that sets out the most important
questions for SMEs to think about, and ask prospective cloud providers about.”
Some questions to ask providers are:
Developing the guidance
“We started by talking to some NZ
businesses and government agencies to see how they were using the cloud, and
work out where the information gaps might be. We’ve also consulted those
businesses and agencies in developing the guidance. We welcome feedback to help
us ensure that the guidance remains up to date and useable throughout the
business and government community,” Marie Shroff said.
The Commission’s guidance on SME and cloud computing can be found here (WARNING: PDF)