Outsource Issue 22 - (Page 94)
STORM CLOUDS ON THE HORIZON?
Cloud computing has the potential to revolutionise outsourcing - but along with the advantages of new models might come some pretty hefty legal challenges...
Jonathan Kirsop, senior associate for Stephenson Harwood Jonathan Kirsop is a lawyer in the Commercial, Outsourcing and Technology Practice of International law firm Stephenson Harwood. He advises regularly on outsourcing and technology agreements. He is also a specialist in data protection and has spent time on secondment at the Information Commissioner’s Office.
C
loud computing has been much discussed over recent years and is thought by many in the industry to represent the future for IT and data management. The model whereby data storage and processing is carried out by a service provider on the internet (or in “the Cloud”) rather than on the hard drives and/ or servers of individual entities - is particularly attractive to the SME community as it allows them to avoid the need to build and maintain extensive hardware infrastructure to support data warehouses. It also gives businesses great flexibility to scale-up or down their IT requirements as necessary with the minimum of cost. Familiar to people in the consumer space (facebook and hotmail both examples of services operating in “the cloud”), bringing “cloud computing” to business is now a fiercely competitive battleground with all the big IT players such as Google (including in partnership with IBM), Microsoft and Apple - offering
cloud-based products in varying forms that are suitable for business use. However, as well as other concerns (such as the inherent loss of control involved in using this model), the issue of privacy and in particular a company’s ability to successfully comply with European data protection regulations could act to (at least partially) limit the uptake of cloud computing.
Data Protection Legal Framework
The law on data protection in the UK is primarily governed by the Data Protection Act 1998 (the “DPA”) which itself is derived from a European Directive on data protection (95/46/EC) (the “Directive”). The DPA legislates the use of information relating to a living and identifiable individual (“personal data”) in the UK (with broadly equivalent acts across Europe also based on the Directive). What constitutes “personal data” is interpreted widely and has been held to cover information ranging from ISP and email addresses to more obviously sensitive information such as health records. Accordingly, almost every business will process personal data of some sort - whether it be contained in emails, personnel records relating to employees or client databases and so any UK company which seeks to outsource the management and storing of that information into the “Cloud” would need to comply with the provisions of the DPA. In light of this, there are perhaps three main challenges in using cloud computing - namely: Security, Transparency and Overseas Transfers
AMI Partners research estimates that by 2014, spending by small and medium businesses on cloud computing will reach $95 billion.
94
● ●●●●
www.outsourcemagazine.co.uk
http://www.outsourcemagazine.co.uk
Table of Contents for the Digital Edition of Outsource Issue 22
Outsource Issue 22
Table of Contents
Shutting the Door?
Q&A: Deborah Kops
Colombia
LPO
Editorial Board Roundtable
Head-to-Head
HR Trends
Long Live AMS!
The Provider Perspective
Platforms Make Sense in the Cloud!
NOA Pathway
Case Study: Kingâs College Hospital
Egypt
Silver Lining
Roundtable Write-Up
Case Study: Nokia & Hyphen
Alan Leaman
Leah Cooper
Kay Formanek
Paul Awcock
News & Comment
The Legal View
NOA Roundup
Online Roundup
Letter to the CEO
Letters to the Editor
Sourcebites
Inside Source
The Last Word
Outsource Issue 22
http://europe.nxtbook.com/nxteu/EMP/OutsourceIssue22
http://europe.nxtbook.com/nxteu/EMP/outsourceissue22-orig
http://europe.nxtbook.com/nxteu/EMP/OutsourceIssue21
https://www.nxtbook.com/nxteu/EMP/OutsourceIssue20
https://www.nxtbookmedia.com