While doing some research on cloud computing and considering the privacy and information security implications, I ran across a recent (11/18/2008) report from the Constitution Project, “Liberty and Security: Recommendations for the Next Administration and Congress“.
The following is an excerpt from page 184…
“The Electronic Communications Privacy Act (ECPA) of 1986 established workable standards for government surveillance of email and stored communications in criminal cases. However, ECPA has been outpaced by technological developments and privacy safeguards have not yet been established for information related to new electronic services. For example, cell phone service providers now routinely store information about the location of their customers while their cell phones are turned on, but ECPA does not specify a standard for law enforcement access to location information. Moreover, the emergence of “cloud computing,” which enables storage on remote computers of business records and information such as personal calendars, photos, and address books, raises new privacy issues that require clear standards for custodians of this information who receive government requests for access to it. Currently, this information is on a weaker privacy footing than the same information when it resides in the user’s computer. A patchwork of confusing standards and conflicting judicial decisions has arisen, and it has confounded service providers and created uncertainty for law enforcement officials.
Strong statutory standards, coupled with increased clarity, would be good for business, good for privacy, and good for law enforcement.”
Tags: awareness and training, cloud computing, Constitution Project, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training