Blogs & Comment

Is your info safe in the clouds?

Following Sony's massive security failure, one wonders just how secure online databases really are. Is the convenience worth it?

It’s been an interesting few weeks in the world of online tracking. First Amazon comes under fire for their service outage in April when its cloud services were knocked offline. This week, Sony discovered the recent theft of personal information of over 100 million PlayStation Network users and online gamers.

Canada’s Privacy Commissioner Jennifer Stoddart held a well-timed presentation in Toronto yesterday to reveal findings from a report about online privacy issues. It was full of the usual concerns: Canadians don’t realize how much information they’re giving away, terms of service agreements are confusing, and the most easily targeted group is children.

Most interesting is the discussion about cloud computing. This is information stored online, like Google Documents, that can be accessed anywhere with an Internet connection. We like these services because they’re convenient: no annoying USB key you’re going to lose, or external hard drive that’s going to crash. But the Office of the Privacy Commissioner’s report is concerned and calling for better security of personal information stored or processed on cloud services.

According to a report by the Pew Internet and American Life Project, 90% of cloud application users say they would be very concerned if the company storing their data sold it to a third party. So would 80% of users if companies used their photos or other data in marketing campaigns and 68% would be concerned if this info was used to target online ads to them based on their actions. Yet, all this is happening, and we still continue to store and share so much info online.

According to the Electronic Privacy Information Centre, laws in the U.S. surrounding cloud computing are “not well defined” and may be less stringent than data on a personal computer. They warn that storing data in the cloud means access to data is subject to the service provider’s terms and they can terminate it at anytime. Furthermore, deleting an account may not actually remove the stored data from the server.

In the Commissioner’s report that was based on public consultations, most industry participants said the Personal Information Protection and Electronics Document Act (PIPEDA) can handle the emerging privacy issues involving new technologies. The Conservative government is expected to table amendments to PIPEDA soon and a spokeswoman for Industry Minister Tony Clement told his office is “aware of the suggestions and will consider them carefully.”

In the meantime, if your information is stored on the cloud, just beware the rules around what companies can do with it is clear as a cloudy day.