Code of Practice Needed | Cloud industry forum

Code of Practice Needed

Cloud Industry Forum Supports Information Commissioner's Office (ICO) launch of 'Personal information online code of practice'

Cloud Code Of Practice Needed Now More Than Ever

The UK data protection watchdog has issued a guide for small businesses to help them protect customers' personal information online, an initiative that has been welcomed by the Cloud Industry Forum.

Part of the code of practice, which was published last week, is designed to help small businesses query cloud providers on how they protect data in their care.

"We have been arguing for some time that organisations seeking to use online services need a straightforward form of certification or 'Code of Practice' for potential suppliers that will accurately and simply define the services offered, standards of data centre operations and practices," stated Andy Burton, Chairman of the Cloud Industry Forum.

"What is needed now is an objective, clearly understood approach to the concept of Cloud computing that will explain how it will impact business, how it can be used with existing investments in on-premise technology, and aid understanding of the issues that are important to understand in determining which supplier can offer the best solution for a particular business need. CIF intend to drive the debate to ensure that Cloud providers work together to ensure that challenges to cloud adoption such as security, integration, portability, interoperability, governance and management are addressed in an industry-wide Code of Practice that will support the ICO initiative," he added.

The Cloud Industry Forum has just completed an extensive public consultation on its proposed Code of Practice, which encompassed a wide range of issues pertinent to its development incorporating discussions on areas such as operational issues, delivery, financial viability of suppliers, governance and the identification of relevant security and interoperability standards.

Andy Burton, who is also chief executive at web-hosting company Fasthosts, added: "There is now no doubt that the buzz around the concept of Cloud has reached new heights and has moved beyond hype to substance. Many in the IT industry are claiming it is the most significant development in IT since the launch of the Internet. Equally there are sceptical voices to be heard, but the benefits are hard to ignore, so long as users have confidence to embrace the solutions available."

The ICO's code of practice addresses how the Data Protection Act applies to information processed online, including how a company should operate internationally. Among other advice, the guidance urges businesses to ensure they have a written contract for cloud services, which should stipulate that the same level of data security be applied to outsourced data as is maintained internally.

In addition, it contains advice including how to collect personal details through an online application form, the use of cookies to target content, and the use of data to market to individuals.

The ICO provided a checklist for small businesses to follow for best practice with the use of personal information. For example, it reminds them that if they are going to use customer information to send marketing material, customers should be given a clear choice about whether they want to receive it.