|
The privacy commissioner of Canada’s largest province has raised concerns about the use of third-parties to host data on the Internet, otherwise known as cloud computing, urging companies to adopt responsible identity management.
In May of this year, Ontario Information and Privacy Commissioner Ann Cavoukian discussed the changing landscape for individual information as software moves to Web-based services from companies such as Google, IBM or Amazon. The issues include identity management software based on open standards; federated identity so that registering their information for one service will mean they are recognized elsewhere; audit tools to track what happens to user data; and, policies that stipulate how information will be used in a cloud.
“User-centric private identity management in the Cloud is possible, even when users are no longer in direct possession of their personal data, or no longer in direct contact with the organization(s) that do possess it,” she says. “Inevitably, we must also have sufficient trust in those organizations that would supply and accept our identity credentials and our personally identifiable information.”
Cloud computing experts in Canada agreed that privacy and security of personal information is emerging as the most important hurdle vendors must jump in order to attract customers. Reuven Cohen, principal with IT consulting firm Enomoly in Toronto, has suggested the term “geopolitical cloud” should be used to describe the kind of jurisdictional quandaries users could face, depending on the services they choose. “In a lot of ways, you’re limited by the sort of political constraints different countries place on their data,” he said. “The U.S. and their Patriot Act is just one example.”
It is interesting to compare with technical and legal approaches and restrictions already in place for third party financial and medical information exchange. So is cloud computing was just a new version of an existing issue around privacy?
|
