Cloud Computing and Off-Site Storage

Cloud computing is data processing, data retention and other computer programs and processing services that are not actually located on the user’s premises or retained on the user’s computer systems.

The user simply accesses a shared pool of configurable computing resources on an on-demand basis. It allows a user to pay for as much or as little of the resource as the user may require.

Storage of electronic date offsite and the use of software to organize, manipulate and access the information through the internet is subject to the same principles concerning privacy and access as records stored on-site.

Before using such technology the board of education will need to investigate to ensure that privacy and access requirements can be met. The use of a PIA in these circumstances may be of particular use.

It is crucial to ensure that the contract for services provides the appropriate protections to the board of education.

As with any service or system there should be sufficient training and information provided to staff so that they understand the rules to be followed when accessing the service. Supervisors will be able to supervise and discipline staff members who do not follow the rules.

The Office of the Information and Privacy Commissioner of Saskatchewan has made the following comments about the issues that should be addressed when considering cloud computing:

“The use of cloud computing by any Saskatchewan government institution, local authority or trustee raises very important privacy considerations and will require extremely careful attention when any cloud computing contract is considered. Will the data still be under the control of the Saskatchewan organization for purposes of FOIP, LA FOIP or HIPA? Will the data be adequately protected? Would cloud computing impede the citizen‘s right of access to information? How does the Saskatchewan organization control secondary use or unauthorized access to its own data when it is clearly no longer in its possession or custody? … Given our current legislation, we would strongly caution any government institution, local authority or trustee organization that is contemplating the use of cloud computing to not proceed without first doing a very thorough Privacy Impact Assessment”

FOIP FOLIO, July 2010

As with any service or system there should be sufficient training and information provided to staff so that they understand the rules to be followed when accessing the service. The local authority will be able to supervise and discipline staffs who do not follow the rules.