Though the US lags behind most of our post-industrial counterparts inservices, more services and content are moving online with each passing month. Many of us are getting our entertainment from ‘the cloud,’ and a growing number are putting our information back up into that cloud.
For nonprofits, so-called ‘cloud computing’ holds a number of benefits: the costs of such online/server-based systems are much lower than buying your own system (Apple’s Mac Mini Server being the exception, asa couple of weeks ago), your information in the cloud saves space and energy in the office, and your staff can gain access to information from any wired or wireless connection.
Nevertheless, for larger organizations looking to move their data online, some legal concerns must be taken into account. Stacey Collett of ComputerWorld.com has provided a great primer for some of those concerns.
Perhaps not surprisingly, the first issue is privacy. Cloud-computing, by any legal definition, is disclosing information to a third party. Thus US laws about privacy must be followed. Usually, such compliance is not an issue for the charity and its first-tier partner (the one being paid for the cloud technologies). But that first-tier partner usually moves information through its peers’ and competitors’ networks as well. Do they adhere to US law? Will you be allowed to make any claim on them if they do not?
The whole structure of the cloud is about vibrant, flexible, amorphous, data retention and sharing. So legal issues about privacy are further complicated by cross-jurisdictional compliance. Collett spoke to a number of experts who point out that the EU has some of the most stringent privacy laws in the world, and thus European-based services are often not allowed to share their technologies or the information carried over them with US tech services. What that says about US interests in our privacy, we’ll leave for the reader…
As of now, search warrants apply to the hardware, not the account(s) on it. So if your charity is using a cloud provider who gets searched for another company’s/person’s investigation, you might lose access to your information for some period of time. Discuss how your provider partitions accounts and offers redundancies/backups in case such a legal tangle were to be stumbled into.
Still on the issue of handing over material for investigation, though your service provider ‘has’ your organization’s information, your organization is responsible for it. If, heaven forfend, your non-profit is subpoenaed to give information, do not expect your provider to get such things to the authorities. Your organization is the one liable.
Finally on Collett’s informative list, what is the provider’s plan on security? Is the data kept in one place? Is the lock down sufficient? Is data parsed among a number of servers, forcing a hacker to try to locate all the servers to get a useful lode of data? Different companies hand security different ways, and all the policies have their own benefits – just be informed before signing your contract.
For further information, see Stacey Collett’s article here. Cloud computing offers a myriad of advantages for smaller and larger nonprofits and charities, but such advantages include some risks that should be appreciated. Be informed, not afraid.