Federal CIOs Issue Cloud Computing Privacy Framework - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud
News
8/25/2010
01:12 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Federal CIOs Issue Cloud Computing Privacy Framework

Poorly planned and executed cloud computing contracts could result in security disaster, warns CIO Council.




Slideshow: Cloud Security Pros And Cons
(click for larger image and for full photo gallery)
Although cloud computing represents a possible solution to the government's rapidly increasing on-premises storage needs, federal agencies need to be aware of "significant privacy concerns" associated with storing personally identifiable information in the cloud, the federal CIO Council says in a new document outlining a proposed policy framework on privacy and the cloud.

Federal privacy regulations control how and where federal agencies hold and process personally identifiable information, and the CIO Council warns that, without consulting their legal and privacy teams and putting a plan into place, federal agencies may run afoul of those regulations.

"Once an agency chooses a cloud computing provider to collect and store information, the individual is no longer providing information solely to the government, but also to a third party who is not necessarily bound by the same laws and regulations," the document says.

Federal agencies need to follow laws like the E-Government Act and the Privacy Act and regulations like the National Institute of Standards and Technology's Special Publication 800-53, but cloud providers are bound only so far as they don't stray so far from the regulations that they can't serve the federal government.

Among the risks include improperly setting the contractual terms of service in such a way that allows the provider to analyze or search the data; possibilities that the data could become an asset in bankruptcy, that foreign law enforcement may search the data pursuant to a court order or other request, or that the service provider doesn't inform the government of a breach; and the possible failure of the cloud provider to provide a full and accessible audit trail to the government.

Certain privacy laws may also make it harder for agencies to host data on the cloud. For example, the document notes, the Health Insurance Portability and Accountability Act (HIPAA) requires formal agreements before the government can share records with a cloud provider.

Despite the risks, however, the CIO Council notes that "a thoughtfully considered" cloud deployment can, contrary to its earlier warnings, actually enhance privacy and make agency information more secure.

The document recommends agencies maintain a focus on contract language that meets federal privacy needs and regulations, conduct what the CIO Council terms a Privacy Threshold Analysis to determine whether a new system creates privacy risks, and then carry out a Privacy Impact Assessment to assess and help mitigate those risks.

According to the document, Privacy Threshold Analyses should address things like changes in how data is managed, consolidation of data, and new public and inter-agency access and use, while Privacy Impact Assessments should address specifics about the data itself -- what it is, why it's being collected, with whom it will be shared, and so on.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
10 Ways to Transition Traditional IT Talent to Cloud Talent
Lisa Morgan, Freelance Writer,  11/23/2020
News
What Comes Next for the COVID-19 Computing Consortium
Joao-Pierre S. Ruth, Senior Writer,  11/24/2020
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Slideshows
Flash Poll