Through the cloud, it's possible for businesses to share files and store all kinds of information. Yet as seen in a number of conferences and summits related to technology and security, some privacy concerns still exist for online storage options.
Before your business decides to sign up for a cloud services, you need to make sure that you take the privacy concerns into consideration. Failure to do so can result in numerous problems, legally as well as professionally.
Consider the Rules that Control the Use of Information
Many businesses make the mistake of thinking that only their own business policies control their use of information and its storage. However, privacy rules and regulations from a number of agencies and institutions may have an impact on your business depending on the kind of business you run. Some of the most common include Family Educational Rights and Privacy Act, Health Insurance Portability and Accountability Act, and others. These dictate the manner in which confidential information can be handled and the consequences for failure. Additional requirements can be imposed by intellectual property laws, and it depends on the individual whose work is being stored in the cloud storage.
The Cloud is Safe for Some Things
The cloud can be a useful method for transferring files and protecting information. But it is important that a standard cloud service is not used for information that is critical, confidential, or sensitive. Federal privacy regulations impose a great burden on most businesses when it comes to maintaining confidentiality. The duty to exercise reasonable care extends beyond just the confidential information that belongs to and affects a client. Anyone's social security number, identifying information, birth-dates, and the like can be considered and argued to be confidential information.
When it comes to confidential or sensitive information or confidential data, you have to make sure that the cloud service that you choose has sufficient protection. Encryption at the server level is the minimum requirement. The law does not require that you have this in place, but it can be considered a breach of the duty of care to your client. The service provider cannot be held liable in most cases. As a result, you should not use a cloud service with only basic protection features for information you could be liable for.
The Problem Continues Even with Security Features
As a business owner, you must bear in mind the security risks that you always face. Even though Google Drive and other similar programs have developed encryption programs, these programs only protect the information from server based attacks. Account hacking and other similar problems can quickly add up and overtake a system. The problem may not always come from outside hackers. Bear in mind that disgruntled employees, as well as individuals who just happen to pass a computer station with your credentials, can easily gain access to confidential information if you have left your account on.
As a general rule, you should always encrypt your data before you upload it into the cloud. Purchase a service that has changing algorithms. Make sure that the key and the pass phrase are changed on a regular basis. Otherwise, they can still be too easy to hack into. You will only be able to access the documents from systems that have the encryption key, so you may not want to encrypt non-sensitive data for easy access. But for all other documents that have confidential information, encryption is simply considered one of the basic tasks that is part of being a reasonable business owner. Failure to do so and the subsequent loss of that information can result in your being held liable for even greater damages.
Before your business decides to sign up for a cloud services, you need to make sure that you take the privacy concerns into consideration. Failure to do so can result in numerous problems, legally as well as professionally.
Consider the Rules that Control the Use of Information
Many businesses make the mistake of thinking that only their own business policies control their use of information and its storage. However, privacy rules and regulations from a number of agencies and institutions may have an impact on your business depending on the kind of business you run. Some of the most common include Family Educational Rights and Privacy Act, Health Insurance Portability and Accountability Act, and others. These dictate the manner in which confidential information can be handled and the consequences for failure. Additional requirements can be imposed by intellectual property laws, and it depends on the individual whose work is being stored in the cloud storage.
The Cloud is Safe for Some Things
The cloud can be a useful method for transferring files and protecting information. But it is important that a standard cloud service is not used for information that is critical, confidential, or sensitive. Federal privacy regulations impose a great burden on most businesses when it comes to maintaining confidentiality. The duty to exercise reasonable care extends beyond just the confidential information that belongs to and affects a client. Anyone's social security number, identifying information, birth-dates, and the like can be considered and argued to be confidential information.
When it comes to confidential or sensitive information or confidential data, you have to make sure that the cloud service that you choose has sufficient protection. Encryption at the server level is the minimum requirement. The law does not require that you have this in place, but it can be considered a breach of the duty of care to your client. The service provider cannot be held liable in most cases. As a result, you should not use a cloud service with only basic protection features for information you could be liable for.
The Problem Continues Even with Security Features
As a business owner, you must bear in mind the security risks that you always face. Even though Google Drive and other similar programs have developed encryption programs, these programs only protect the information from server based attacks. Account hacking and other similar problems can quickly add up and overtake a system. The problem may not always come from outside hackers. Bear in mind that disgruntled employees, as well as individuals who just happen to pass a computer station with your credentials, can easily gain access to confidential information if you have left your account on.
As a general rule, you should always encrypt your data before you upload it into the cloud. Purchase a service that has changing algorithms. Make sure that the key and the pass phrase are changed on a regular basis. Otherwise, they can still be too easy to hack into. You will only be able to access the documents from systems that have the encryption key, so you may not want to encrypt non-sensitive data for easy access. But for all other documents that have confidential information, encryption is simply considered one of the basic tasks that is part of being a reasonable business owner. Failure to do so and the subsequent loss of that information can result in your being held liable for even greater damages.
The author is associated with Box.com which offers state-of-the-art unlimited online storage, cloud storage and file upload services for businesses and individuals alike.
0 comments:
Post a Comment