The Privacy Commissioner of Canada, together with the Information and Privacy Commissioners of Alberta and British Columbia, jointly released a Guidance Document on privacy responsibilities and considerations for small and medium-sized enterprises (SMEs) in cloud computing or the delivery of computing services over the Internet.
The privacy responsibilities and considerations discussed in the Guidance Document include:
- benefits, risks and privacy implications of cloud computing;
- accountability for the protection of personal information through contract clauses;
- security of personal information by cloud computing services providers;
- customers’ knowledge and consent of disclosure of personal information to third party cloud computing services providers
- control, accessibility and portability of personal information by SMEs; and
- jurisdictional issues, applicable laws and disclosure of personal information by third party cloud computing services providers (access to information requests, warrants, subpoenas, legal requirements, and requests by government agencies, foreign courts or law enforcement).