Sign up now and get the best business technology insights direct to your inbox.
Highlights from Lora's poll of industry experts on online security.
Officials in the UK are calling on the U.S. government and the European Commission to collaborate on a single set of online privacy and data protection laws that would apply in both places.
According to v3.co.uk, Ed Vaizey, minister of culture, communications and the Internet, called for lawmakers to reach a consensus on privacy and data protection because the Internet is a global platform.
He explained:
When we place information on the Internet, we are sharing it with the world. The rules governing online privacy need to reflect that. For the sake of web users and businesses we need a unified and consistent approach to online privacy.
An international standard will ensure that businesses have a "level playing field" no matter where they are, he said. A standard approach will also become more important as cloud computing becomes the norm.
This isn't the first time a U.S.- EU data protection pact has been suggested. But reaching a consensus has been difficult up to this point. As has been pointed out several times in the past, the EU's ideas of data protection and privacy don't exactly mesh with the approach taken by the United States. According to EU standards, U.S. protections are inadequate.
Obviously, that has made compliance in the cloud quite an interesting endeavor. Back in 2009, then-Proskauer Rose partner Tanya Forsheit told me:
There just isn't yet a practical solution for protecting data in the cloud, so the law has to kind of catch up with the way the world works.
So maybe now is the time the law begins to catch up with the technology.
Scott Blackmer
Hi Lora-hard to believe so little in the law (and yet so much in the world of cloud computing) has changed in two years! It would be wonderful if we had a "unified and consistent approach to online privacy" across jurisdictions. Unfortunately, as you note, we are not there yet and are still far away. Compliance for multinational organizations continues to be challenging, and those organizations must consider additional risks when placing sensitive data of any kind in the cloud. I doubt the law will ever "catch up" with technology. That being said, there is some good news - today there are some practical solutions available to organizations (but no panacea). It is all about risk assessment and management. Organizations can put in place information security policies and negotiate contracts with cloud service providers and other third party vendors that help mitigate the risks and address the compliance issues facing them in the many jurisdictions where they operate. (And it helps to get all stakeholders involved in the discussion as early as possible.) For more on the EU-US issues and practical approaches to compliance and risk mitigation, check out my partner Scott Blackmer's post here, http://www.infolawgroup.com/2010/08/articles/eu-1/european-reservations/, and my article on Contracting for Cloud Computing Services, here, http://www.infolawgroup.com/2010/05/articles/cloud-computing-1/contracting-for-cloud-computing-services/. Best, Tanya Forsheit, Founding Partner, InfoLawGroup LLP