Posted onin Leadership/Management
A quote famously attributed to Politian Tip O’Neil states, “All politics is local.” Something similar could be said of global privacy and intellectual property laws. In Europe the individual owns his or her own information, which cannot “leave” Europe, while in the US, any information gleaned from public records on the Internet belongs to whoever collects it, who is then free to sell it to anyone. So while US citizens enthusiastically register for “do not call” lists and diligently delete cookies, marketers, debt collectors, investigators, and the nosy can buy publically available information on whomsoever they want. In the US, intellectual property and the income stream from it lives on indefinitely, while in Europe, intellectual property such as a public performance, automatically becomes public domain after 50 years. In Europe privacy issues have been raised over Google’s Street View application. The service is banned in Austria (although a Romanian company has a similar application in use in Austria).
If the EU’s 27 countries seem more stringent about personal privacy, just how will this affect the adoption of global cloud computing? According to Pieter Schoehuijs, CIO of Akzo Nobel N. V., the problem is that in Europe, it is less accepted for a 3rd party to control data – you personally need to be legally and technically in control of it. (Are Global Privacy Laws chasing Cloud Computing away? November 03, 2010: 4:24 – 6:01) While businesses are creating all sorts of websites, people have no clue, nor seem to care where personal data is being kept, and business applications must accommodate local law – for example, Nobel ‘s Corporate keeps its HR data for offices around the world, with the sole exception of Germany. (10:37 – 11:35)
Tier 1 research VP, Antonio Piraino, further elaborated that it is not so much privacy laws in and of themselves that are the stumbling block, but rather, the need for bench marks by cloud providers proving there is adequate security, and then additionally, localization answers as to where content resides and how it impacts the individual as consumer, rather than the business itself. (8:49 – 10:36)
Antonio also suggests that the problem is not so much legislation, which in some situations has even driven Cloud adoption, but rather a mindset about technology in general. Switzerland has many privacy laws, but thanks to the need for security and archiving technology, has benefited by becoming a safe hold for data as well as money. (12:40 – 14:30) Furthermore, cloud providers being dependent on the security of their applications to stay in business, may actually have better, state of the art security, than some companies! Besides, the first thing out the door is usually not personal or other sensitive corporate data but development and technology areas. (22:16 – 22:41 & 24:42 – 25:24)
As CIO of a EU 14 billion company with operations in 70 countries mostly outside the US, Pieter acknowledges that while the simplest way to ensure privacy is to be hesitant about putting sensitive data in the external cloud, there is an increasing need for developing a global enterprise architecture and corporate governance rules that accommodate the “tightest” global laws as a guide. (34:55 – 37:55)
Antonio spotlights other reasons, beside privacy, for data sensitivity. For example, Salesforce, one of the most successful Cloud companies must be careful about one client’s data becoming available to other clients and possible competitors. In these circumstances, security for sensitive data comes down to trust. (37:56 – 38:40) If as a user, you accept an outsourced service like CRM, it is up to you to complain. Regardless of whether laws are stringent laws, like Germany, or lax (as in the US) monitoring everyone for compliance is difficult if not impractical, and usually there are no complaints unless a problem surfaces. All countries have their own flavor of privacy concerns. Americans’ privacy concerns are about big government interfering in the home, while Europeans worry about their lives being exposed in mass media (38:41 – 42:56), and the benefits and efficiencies of Cloud to corporations and business trump them. FaceBook has been sued over lapses that allowed users’ personal data to be compromised, but still remains a popular social application, globally.
There are other issues of concern where legally, the answers may not be that straight forward, for example, who owns the data in the cloud, the originator or vendor? When it comes to government data, these concerns certainly beg the question of who is responsible for protecting the data or even decommissioning it. And, what about SLAs to define things such as whether government data can be keep it another country? Read more about this here.
Are we, here in the US, oblivious to privacy issues? Paradoxically, citizen groups use YouTube as a forum to protest the intrusions of “big” federal government into their personal lives (2010 census video), but consider all the information required on the site’s web form to join and comment! Meanwhile, an issue over tracking internet activity, in order to bring “customized” ads to people browsing the Internet, is getting some coverage. Read about it here.
QUESTION FOR OUR BLOG READERS: Are privacy concerns being trumped by corporate and business needs here in the US?