What are data protection regulators looking for in cloud computing contracts?

Grazed from International Law Office. Author: Fiona Wilson and Oliver Bray.

The recent rise of cloud computing – both for businesses and at consumer level – is providing a decent challenge for the regulators tasked with applying established data protection principles to this new and fast-developing industry.

Until last year there had been little guidance at UK or EU level. However, in July 2012 the Article 29 Working Party – the independent advisory body made up of data protection regulators from across the EU member states – released its Opinion on Cloud Computing (05/2012). This was closely followed by guidance from the UK regulator, the Information Commissioner’s Office (ICO). The ICO’s Guidance on the Use of Cloud Computing was published in September 2012…

The working party and ICO have attempted to provide workable and commercial solutions for both cloud suppliers and their customers. Both regulators have concluded that data protection legislation should not be a bar to using cloud services, but that certain measures must be put in place, mainly by the customer, to ensure compliance with the data protection principles at each stage of the cloud chain. Helpfully, the ICO guidance includes a practical checklist of issues to consider when looking to put personal data in the cloud. This update looks to these documents for the key considerations for both suppliers and customers looking to use cloud arrangements for personal data…

Read more from the source @ http://www.internationallawoffice.com/newsletters/detail.aspx?g=73814a28-16cb-4b4d-8d15-cd55b16e2800