Castlebridge Associates

Over the past few months I've been involved in a number of events related to Cloud Computing and have had countless conversations about the pros and cons of outsourcing, as well has having studied a number of business arrangements that boiled down to someone being a Data Processor for someone else, a Data Controller.

I have found that my message in each of these apparently disparate situations can now be boiled down to:

• It's the Information, Stupid and
• The Fine Print can feck you up frustrate your intent and
• If you can't find who is responsible for the thing, then it is you who is responsible.

Over the past few months I've been involved in a number of events related to Cloud Computing and have had countless conversations about the pros and cons of outsourcing, as well has having studied a number of business arrangements that boiled down to someone being a Data Processor for someone else, a Data Controller.

I have found that my message in each of these apparently disparate situations can now be boiled down to:

• It's the Information, Stupid and
• The Fine Print can feck you up frustrate your intent and
• If you can't find who is responsible for the thing, then it is you who is responsible.

I was asked recently to present at a Breakfast briefing being run by another local Irish consulting firm that specialises in Cloud Computing (they're imaginatively called Cloud Consulting and are run by a really nice bunch of guys, including Tim Pullen).

HP have announced an "interesting" service which will allow people to print from mobile devices to printers using an email address. Your document will then be whisked off to HP's DataCentre from whence it will find its way to your printer. 

Magical.

But as with all magic there is a dark side.

This past month I presented at the Cloud Camp events in Dublin and Cork with a 10/15 minute presentation (depending on how much I rambled) on the Data Protection issues raised by Cloud Computing.

I've packaged the presentation as a tutorial which runs to about 17 minutes. It was put together in a hurry (because slideshare doesn't like slide animations in powerpoint) so the audio is a little bit jumpy in places, but I'll be redoing this as a more in-depth tutorial in the coming weeks.

Cloud Computing is the coming wave. There is no escaping it. However, when it comes to managing Data Protection and Information Quality we need to be wary that this new Emperor may be somewhat lacking in the clothing department.

There are two areas where organisations need to consider their strategies when interacting with the Cloud are:

• Information Quality
• Data Protection/Privacy

Flicking through one of the local newspapers this morning (the Wexford People) I spotted a story about a laptop that had been stolen from a primary care Medical Centre in Wexford town last week.

What struck me about the story was how they made a point of stressing the value of the laptop (€1500) but at no time did they mention whether or not the laptop held any personal data relating to patients at the Medical Centre in question.

Our philosophy is that Compliance done right is a benefit, not a burden. Compliance with the Data Protection Acts is no exception. 

While registration with the Data Protection Commissioner is a statutory duty under the Data Protection Acts 1988 and 2003, there are a number of exemptions which can be availed of. As a result, many businesses or organisations have not had the statutory need to think in depth about the information they use in their operations.