The Privacy Commissioner of Canada, together with the Information and Privacy Commissioners of Alberta and British Columbia, jointly released a Guidance Document on privacy responsibilities and considerations for small and medium-sized enterprises (SMEs) in cloud computing or the delivery of computing services over the Internet.
The privacy responsibilities and considerations discussed in the Guidance Document include:
- benefits, risks and privacy implications of cloud computing;
- accountability for the protection of personal information through contract clauses;
- security of personal information by cloud computing services providers;
- customers’ knowledge and consent of disclosure of personal information to third party cloud computing services providers
- control, accessibility and portability of personal information by SMEs; and
- jurisdictional issues, applicable laws and disclosure of personal information by third party cloud computing services providers (access to information requests, warrants, subpoenas, legal requirements, and requests by government agencies, foreign courts or law enforcement).
Businesses must maintain control of any personal information collected from an individual that is transferred to cloud computing service providers. Businesses are reminded that any personal information collected from an individual must be handled and protected in accordance with Canada’s private-sector privacy legislation, including personal information that is entrusted to cloud computing service providers.
For the Guidance Document entitled Cloud Computing for Small and Medium-sized Enterprises: Privacy Responsibilities and Considerations
Summary by: Lauren Lodenquai