When you put your data into the cloud you’re handing it over to a provider who may have data centres in many different places, countries or even continents.
While the great thing about the cloud is that you can access it from anywhere, the downside is you may never know exactly where your data is being stored.
This is bad news for scientists working with sensitive data such as health records, or governments wanting to store national records. If data is moved to a different country, a whole different set of legal rules could be in force. If you process data in the UK, store it on servers in the US and send it via France whose laws would you obey? Things can get messy very quickly.
Users can sign agreements with providers specifying which countries they would like data to be stored in, but as clouds are proprietary technologies, it could be hard to check that this has been followed.
Governments and authorities are currently working on common laws to cover data – for example, in the EU, the Data Protection Directive requires data to either be stored in the European Economic Area (EEA) or in a territory that has equivalent legal privacy laws. However the Directive was put together before the surge in cloud technologies and needs to be updated to address the new concerns that this throws up.
For now, anybody working with sensitive data, might find a private or community cloud is a better solution to their needs. Otherwise legal issues such as data protection, privacy and user’s rights will need to be factored into cloud provisioning.