“Excuse me, but I really would like to know how and where exactly you are storing, protecting and handling the personal data belonging to my clients!”
Seems a simple enough and sensible Data Protection Act question for Solicitors and Barristers to ask, but you may be surprised by the number of IT companies, outsource IT service providers and cloud service providers who will try to side-step the question or convince you it is unnecessary to even ask.
If you persist, you are likely to be told to accept that hundreds of their satisfied customers already use their services. You may also hear that their solution is fully compliant with all standards and regulations. These facts may be true, but of course your question has not actually been answered.
The ICO – Information Commissioner’s Office (Data Protection Act 1998 and all that) issued a new document, “Guidance on the use of cloud computing”, in October of this year. As is usually the case with regulatory compliance matters, the guidance is evolving to meet current and future challenges and obligations.
The ICO says that this document is part of a series of guidance that goes into more detail than its long-standing Guide to Data Protection, to help organisations more fully understand their obligations as well as to promote good practice. This latest publication explains what you should consider prior to a move to Cloud computing for the processing of personal data. It provides a far more comprehensive explanation than previously given about data protection compliance issues that can arise when personal data is processed in the Cloud.
It acknowledges that a shift towards much greater use of cloud computing is well underway. Technology advancement, mobile access to information and more affordable pricing are usually the essential business drivers forcing a change to Cloud computing.
Sometimes, organisations are compelled to move to cloud solutions as an instant disaster recovery option, when an aged on-premise computer system or network long due for replacement finally grinds to a halt and cannot be revived.
Cloud services are also extremely attractive propositions for smaller legal firms (including start-ups and sole practitioners) due to the low cost of entry and ownership and the possibilities of rapid expansion.
The ICO also published the “Personal Information Online Code of Practice” in July 2010. The code covers how the Data Protection Act applies to the collection and use of personal data online and gives advice for organisations that do business or provide services online.
Their latest publication stresses that Cloud providers should use this latest guidance to update their knowledge and awareness of what their current and prospective Cloud customers may need to deal with on data protection matters, and to help them make their products and services more appealing and relevant to customers that are subject to Data Protection Law and regulatory compliance.
At Parachute IT, we already do this for many of our customers operating in regulated professions and in sectors where compliance, outstanding service and quality standards matter. Find out what our support and consultancy services could mean for you. Call us on 08445 885 500 or email us today.