The Information Commissioner's Office (ICO) has produced guidance designed to help firms gain a better understanding of the data protection issues around cloud computing services.
The document aims to provide clear guidance after the data watchdog revealed it was concerned many firms are unaware they still retain legal responsibility for data after it has moved to the cloud. Some firms wrongly believe responsibility for data was passed to the cloud provider.
As such, the guidance provides advice such as: ensuring firms question cloud providers on how data will be kept secure, both physically and technically; ensuring everything is set down in a written contract; and that policy requirements are put in place on how the data must be handled.
The ICO warned firms of issues relating to transferring data overseas, where it can fall under the laws of other nations - notable in the US under the Patriot Act which gives the government access to any data stored on servers in the country.
Report author and technology policy advisor at the ICO, Simon Rice, said firms should use the guidance to help them gain a better understanding of what the use of cloud services really means to avoid the possibility of fines.
"The law on outsourcing data is very clear. As a business, you are responsible for keeping your data safe. You can outsource some of the processing of that data, as happens with cloud computing, but how that data is used and protected remains your responsibility," he said.
"It would be naïve for an organisation to take the attitude that these guidelines are too much effort to simply store some data in a different place.
"Where personal information is involved, the stakes are high and the ICO has already demonstrated it will act firmly against those who don't meet data protection laws"
However, some of the advice given could be out of date in the future, as under the Data Protection Directive's Binding Safe Processor Rules (BSPR) cloud providers could legal take responsibility for data protection, to remove this burden on firms and drive cloud uptake.
Ecostress instrument will provide new insights into water usage and plant health on Earth
Symantec warning over state-sponsored hackers targeting satellite operators' control systems
Letter to House of Commons Treasure Committee explains cause of payments glitch earlier this month
Would you want to live in a world without memes?