From Stephanie Condon's report in Politics and Law :
To secure personal information on the cloud, regulators may have to answer questions such as which entities have jurisdiction over data as it flows across borders, whether governments can access that information as it changes jurisdiction, and whether there is more risk in storing personal information in data centers that belong to a single entity rather than multiple data centers.
The current panoply of laws at the state, national, and international level have had insufficient results; FTC Commissioner Pamela Jones Harbour cited a 2008 PricewaterhouseCoopers information security survey (PDF) in which 71 percent of organizations queried said they did not have an accurate inventory of where personal data for employees and customers is stored.
With data management practices that are not always clear and are subject to change, companies that offer cloud-computing services are steering consumers into dangerous territory, said Marc Rotenberg, executive director of the Electronic Privacy Information Center.
Already, problems of identity theft are skyrocketing, he said, and without more regulation, data management services may experience a collapse analogous to that of the financial sector.
"I predict we are going to experience something very similar with respect to privacy within the emerging information economy," Rotenberg said. "We are going to realize we allowed very similar complex transactions to occur between nontransparent organizations, and we will pay."
Later on Tuesday, EPIC asked the FTC to pull the plug on Gmail, Google Docs, Google Calendar, and the company's other Web apps until government-approved "safeguards are verifiably established."
FTC Commissioner Harbour said at Tuesday's conference that it would be preferable if more than one large company such as Google were responsible for storing personal data.
"I see a lot of overlap between competition analysis and security," she said.
Jane Horvath, senior policy counsel for Google, said "privacy by design is ingrained in our culture, and security is one of our fundamental design principles."
If customers do not feel their data is secure in Google products, nothing prohibits them from transferring their data elsewhere, she said.
~ more... ~
No comments:
Post a Comment