Putting the Cloud Under Lock and Key

 When it comes to the law, digital data is challenging the basis of values we hold dear, such as privacy and security. The fact is, digital is different, but it shouldn’t change our right to privacy. Here’s a look at the current legal landscape for digital data in the cloud and some tips for how your business can keep its data secure.   

Digital is different

When all your company’s sensitive customer and internal data is locked in a file cabinet on-premises, you can rest (somewhat) assured that it’s secure. The same goes for an on-premises server—you know who has access to it and when. What happens, though, when your data is up in the cloud (or stored in a data center somewhere in Tokyo or Chicago, for example)?

Among businesses, the rising demand for third-party cloud service providers will challenge longstanding notions of data privacy and security. Namely, who can look at your data and under what circumstances? According to Brad Smith, general counsel and executive vice president for legal and corporate affairs at Microsoft, “you own emails stored in the cloud,” and “they have the same privacy protection as paper letters sent by mail.”

Privacy in the cloud

The problem is, this is a legal gray area at the moment. Privacy precedents in regards to digital data are slowly being established, but so far, there’s been no decisive ruling on third-party doctrine (information that is voluntarily provided to third parties).

In a recent blog post, Smith wrote about the historic tension between the advancement of technology and the protection of “enduring values,” such as privacy and security. According to Smith, the key is to figure out how we can “maximize the benefits of technology” while also “preserving values we hold timeless.”

The right security measures

Today, the cloud is a business necessity. And just like you wouldn’t leave your file cabinet unlocked in the lobby, it’s important that you take the appropriate measures to protect your data. That may involve creating new positions such as a cloud access security broker, increasing encryption technology, or evaluating different service providers to find one that upholds the same privacy beliefs as your company.

At the end of the day, “it’s important to trust the technology that you’re using,” writes Smith. While the law plays catch-up, you need to prioritize finding a cloud service provider that you trust has your privacy interests at heart. Check in with Microsoft on the Issues to read the latest on cloud privacy and security.