Ex-Canada Privacy Commissioner: Cloud Can Be Safe

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jeremy Hainsworth

Feb. 5 — Risks associated with storing data in the cloud can be mitigated through the use of safeguards and a properly regulated framework, former Canadian Interim Privacy Commissioner Chantal Bernier said Feb. 4.

Speaking at the 17th annual Privacy & Security conference in Victoria, British Columbia, she said the cloud could be safe for data because it has proper encryption and is a zero-knowledge system.

That means the cloud can have no knowledge of the information it holds, Bernier said. However, she said a problem that cloud storage faces is that it is an abstract concept for many.

“Maybe we need to think differently,” she said, adding that accountability and transparency are needed.

Before resorting to cloud storage, a cost-benefit analysis must be done to determine if it is justified and if there is a need for broad accessibility to data, she said.

Benefits of cloud storage include:

  •  simplification of IT management and reduced IT staff costs;
  •  scalable infrastructure;
  •  tiered data storage;
  •  remote disaster recovery and business continuity;
  •  continuity of patient care;
  •  accessibility, and:
  •  comprehensive report generation.

    According to Bernier, risks of cloud storage include:

  •  breaches through information sharing;
  •  data leakage through multi-tenancy clouds;
  •  loss of control through delocalization, and;
  •  threats to highly sensitive information.

    Bernier said a good approach to dealing with cloud protections is ISO 27018—which “establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with” privacy principles for the public cloud computing environment.

    “It is based on privacy not security,” she said.

    To contact the reporter on this story: Jeremy Hainsworth in Vancouver at correspondents@bna.com

    To contact the editor responsible for this story: Jimmy H. Koo at jkoo@bna.com

    Request Bloomberg Law: Privacy & Data Security