ICO releases data protection guidelines
The Information Commissioner's Office (ICO) - UK data protection watchdog - has released a new guide for small businesses covering, among other things, the use of cloud service providers.
The code of practice was made available on Wednesday as a resource to help businesses query third-party companies when entrusting their company data to them. Many firms in the UK have started to outsource data management processes to cloud services but the ICO is asking people to think carefully about the type of company they release their information to.
"The cloud-computing code of practice will help SMEs not just comply with the law, but to run their businesses well", Iain Bourne, the ICO's group manager of policy delivery.
As the law currently stands, the responsibility for any lost or exposed data still lies with the business who generated or owns the data, not the third-party. For small businesses, this emphasises the importance of choosing partner companies wisely.
The code of practice - available here - addresses how the Data Protection Act applies to information processed online. There is also guidance urging businesses to ensure they have a written contract for cloud services would should stipulate that the same level of data security be applied to outsourced data as well as data managed internally.
The release of this guide follows news that the government is turning to the Ministry of Justice (MoJ) for consultation on how effective the Data Protection Act has been when enforcing the law. Despite a new maximum penalty fine of £500,000 for any breaches to the Data Protection Act the state of compliance in the UK remains relatively unchanged.
With negotiations with the European Union on reform of the Data Protection Directive coming soon, the government is seeking advice on how it can improve on what the ICO is already doing. One suggestion has been to force any companies responsible for incidents of data loss or exposure to make their news open in the public domain - a measure already in place in certain US states.