Revision of 11 November 2009

Introduction

Cloud computing is a vague term typically used to refer to a technical arrangement under which users store their data on remote servers under the control of other parties, and rely on software applications stored and perhaps executed elsewhere, rather than on their own computers. The term encompasses a variety of services, which are variously of long standing (including email), long-promised (including ‘software as a service’), and relatively new.

There are many potential benefits with such arrangements. For example:

At the same time, cloud computing is associated with severe risks in the areas of service and data integrity, consumer rights, security and privacy. This Policy Statement addresses only the APF’s area of competency, privacy.

Key Concerns

The Australian Privacy Foundation has serious concerns about cloud computing:

Conclusions

While cloud computing has potentially valuable applications, it also gives rise to serious security and privacy risks. It is crucially important that:


Resources

Cavoukian A. (2009) 'Privacy in the clouds: A white paper on privacy and digital identity' Information and Privacy Commissioner of Ontario, 2009

EPIC (2009) 'Resources on Cloud Computing' Electronic Privacy Information Center, Washington DC, 2009

Robert Gellman (2009) 'Cloud Computing and Privacy' World Privacy Forum [an industry assocation], 2009

Leslie Harris (2009) 'Perils in the Privacy Cloud' ABC News, 15 Sep 2009

Rosalie Marshall (2008) 'Experts urge caution on cloud computing' Secure Computing Magazine, 14 October 2008

Mather T., Kumaraswamy S. & Latif S. (2009) 'Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance ' O'Reilly Media, 2009

MS (2009a) 'Securing Microsoft’s Cloud' Microsoft, May 2009

MS (2009b) 'Privacy in the Cloud Computing Era – A Microsoft Perspective' Microsoft, November 2009