Firms Run Data Protection Risk by Not Checking Where Information is Held in the Cloud

UK businesses are being urged to conduct proper due diligence on their cloud storage and backup providers, or run the risk of falling foul of data protection regulations, says Icomm Technologies.

Research by the business has found that 70%* of Cloud Backup providers do not reveal which country, general locality or legal jurisdiction customer data is stored within.

With daily cyber crime and cyber espionage having escalated by 24%** in 2012, businesses need to be confident they know exactly where customer or employee data is physically being kept. If this is not the case, companies could risk breaking the Data Protection Act 1998.

The law*** specifically states that companies need to keep information secure and that data should not be transferred to countries outside the European Economic Area unless it is adequately protected.

The Information Commissioner's Office (ICO) has clearly shown it is now prepared to fine any organisation not taking these data protection responsibilities seriously after issuing fines totalling £1.8m for data security breaches over the last year - up from £431,000 in the previous year.

Cloud storage has provided businesses with viable and economical solutions to the challenges of huge data growth and unlocked access to offsite disaster recovery facilities. 

However, it may suit a data centre company to store data in countries where costs may be lower, but research by the Business Software Alliance (BSA) has shown many countries do not have the same regulatory governance in place as the UK with regard to data protection.

The BSA’s Global Cloud Computing Scorecard ranks many of the major growth economies such as India, Brazil and China particularly poorly in comparison to the UK, which is ranked sixth in the world.

Icomm Technologies' Ian Callens said: “Companies need to ensure they know where business-critical data is being held to avoid the risk of cyber espionage, crime, illegal copying, sharing and selling of their data to third parties. Exposure could yield fines.

“Our research has shown the frightening scale of cloud backup providers that are not forthcoming in sharing even basic geography of where data is stored.  This suggests most users of cloud backup aren’t concerned or even asking the question of data location as part of their due diligence. 

“Equally, it suggests many providers are hoodwinking customers by not proactively revealing where data is located and many are operating under the false perception that their data is protected under UK jurisdiction when, in fact, it isn’t.”

Research firm IDC has also urged CIOs to ensure due diligence is conducted when selecting a cloud service provider, having found 30% of suppliers currently in the cloud market will be out of business by 2015.

*Research – Based on a Google search for ‘Cloud Backup provider’, the top 20 ranked providers were assessed to see if they named, promoted or shared at all the location or geography of data storage/backup on their website. In some cases IM or telephone conversations were undertaken to establish ‘What geography or city do you store customer data?’

**The number of daily cyber attacks targeting businesses increased 24% in the first six months of 2012, according to Symantec.

***The Data Protection Act 1998 (the Act) applies to firms holding information about living individuals in electronic format and, in some cases, on paper. Companies must follow the eight data protection principles of good information handling. These say that personal information must be: fairly and lawfully processed; processed for specified purposes; adequate, relevant and not excessive; accurate and, where necessary, kept up to date; not kept for longer than is necessary; processed in line with the rights of the individual; kept secure; and not transferred to countries outside the European Economic Area unless the information is adequately protected.

The BSA Global Cloud Computing Scorecard ranked the UK sixth in the world on 76.6%. Brazil scored 35.1% with regard to cyber crime.

Release Date: 05/11/2012

© Copyright Icomm Technologies Limited. All rights reserved.
