
More on Personally Identifiable Information PII

Some great feedback from Ian yesterday –

"Understanding what constitutes personally identifiable information becomes even more important when considering cloud computing.

Not only do you have to consider what is being stored, but it is highly likely that you will be legally bound to consider in which jurisdiction it is stored. This includes not only the jurisdiction of primary storage, but the jurisdiction of disaster recovery sites and backups.

When choosing a cloud provider, it is crucial that you get written assurances of the jurisdiction in which this data is stored – as the jurisdictions in which you may be permitted to store data can be surprising: For example, under EU law, personally identifiable data can be stored in the European Economic Area and specified trusted third party jurisdictions including Canada and Israel, but NOT in the USA.

As ever, when dealing with such a legal minefield as Cloud storage, you should take proper legal advice."

Sharing *and* protecting information also raises significant issues when you’re working with people around the world. For example, the EU has different disclosure regulations for sponsored events; these may pertain to your use of information, and they most assuredly pertain to the disclosure policies and privacy policies that you post.

Encryption and protection requirements – basically protection against malicious attacks – have different (or additional) implications than providing for sharing of information. Still, both areas fall under protecting data. More on the encryption front tomorrow.

In short, protect it, be transparent about how you’re using it, and you almost can’t go too far in either of these two areas.

What do you think? Let me know…

swynk@sswug.org