Cloud computing according to Office of the Information & Privacy Commissioner (2012) is a way of processing, storing, and managing data remotely in the cloud. It provides public bodies with a convenient and cheap tool that helps the institutions handle information more efficiently. Public bodies include such institutions as schools, hospitals, and more. Examples of information that can be managed by such bodies would be web-based emails, social media sites, etc. Freedom of Information and Protection of Privacy Act (FIPPA) is a document that regulates the personal information that is managed by the public bodies. If that information has any identification of a person’s name, details that can reveal the persona of the individual, then that information can be considered personal.
It is a disputable situation because on one hand personal information that may be useful to such institutions because it may contribute to the statistics or other aspects of their field of work. On the other hand, such information is sensitive in terms of its personal nature.
The key areas mentioned in the guidelines include governance, identity and access management, Infrastructure security, encryption, and contractual provisions. Corporate policies and various procedures are under the governance area. Identity and access management implies the regulation of the data access for the employees of the cloud system and employees and users of the institutions using the cloud. Infrastructure security is the area responsible for the safety of the stored information and maintenance of the cloud infrastructure. Encryption decodes personal information to prevent unauthorized disclosure of it. Lastly, contractual provisions imply FIPPA being used in written agreements with the third parties. To secure the process the public bodies must ensure the credibility of the cloud computing system providers and only work with trustworthy companies. In the past, even the industry giants were hacked and the information stored in their cloud systems was jeopardized multiple times. When it comes to the data that may be under the public body systems, it may be even more sensitive, for example, it may include an individual’s health record. The prevention of unauthorized access to such information needs to be the main focal point of the cloud computing system management.
Without a doubt, cloud computing can be a useful way of storing and managing data, but the infrastructure of it and the regulations that are in place do not necessarily foresee the possibility of the future cyber threats. Although FIPPA has some sides of cybersecurity covered, cloud computing systems used by the public bodies may still pose a threat in the eyes of the community. The commissioner’s role in this system is extremely important because he/she has the authority to investigate possible issues if informed by the individual unsatisfied with the way the data is stored, processed, or managed. Without a doubt that is a necessary measure to protect the information and prevent unsafe environments of its storage.
Reference
Office of the Information & Privacy Commissioner. (2012). Cloud Computing Guidelines for public bodies. Author.