UK’s Law and Cloud Computing Department: The UK Data Protection Act of 1998 incorporates intensified commitments to ensurethat information controllers are able to embrace specific stipulations in written agreements with data processors. The law necessitates that data controllers have to guarantee control of personal data with the appropriate technical and organizational measures in place to prevent unauthorized or unlawful processing or accidental loss, and destruction of individuals’ images. Even though the customary approach in a number of cloud providers’ conditions of operation is to avoid legal responsibility for security of information and endow their clients with full responsibility of retaining safety based on information they upload, the principals of the UK legislation are on the contrary to this.
This Data Protection Act provides that anyone with the intention of or responsible for using data has to adhere to data protection principles recommending: fair and lawful use. use for limited, and specifically stated purposes. use in an adequate, relevant and not excessive way. accurate use. data not kept for longer than is absolutely necessary. handled in accordance to the people’s data protection rights. kept safe and secure. and, not transferred outside the UK without adequate protection. In short therefore, this Act ensures that Data controllers are bound by the law to give rights to data subjects, i.e.: the right of access to their personal data. the right to stop information processing techniques that are likely to cause substantial distress or damage. the authority to obstruct auto generated decisions. and the right to object direct marketing by any institution thereof (Data Protection Act, 1998).
From a wider perspective, the European Data Protection Law (which also concerned with electronic data), stipulates very stringent controls on the entire steps involved in processing of personal data/ information, and its transfer to anywhere outside European Economic Area. Because of the uncertainties over how and where cloud vendor will probably store the uploaded data, there is a lot more potential that need to be put to ensure that customers are in breach of such laws. Therefore, a number of regulations influencing cloud computing are linked to data security. Whatever processes are involved in processing of data, and the consequent location where the data is processed is so critical. Hence, regarding data processing, the European law necessitates that appropriate techniques and organizational measures are actively taken to protect against unauthorized or unlawful processing of personal data such as any information that would relate to an identified or identifiable natural person, and against accidental loss destruction of, or damage to, such data/ information. Data controllers (customers, in the case of cloud computing vendors) are supposed to be engaged in a formal agreement in place with the cloud merchant necessitating that vendor should solely process individualized information in accordance with the data controller’s instructions and to set up apt technical and organizational measures. Consequently, the standard approach of many cloud vendors is to take into account provisions specifications that exclude liability for security of any data.
For data location, storage and retrieval, cloud computing provides data abstraction. a situation where data is held somewhere else, in a cheaper jurisdiction. This means that this technology offers a platform for easy and quicker access to data without the user having any knowledge of the physical location.
In conclusion, this Act provides that personal data can only be transmitted to another country for use in case that country is registered with the European Commission’s record of territories or if it makes available sufficient fortification for the personal information, of which US is one. Companies that have signed the Safe Harbor agreement providing regulations on how to handle such data, under the oversight of Federal Trade Commission, can also be allowed to access personal information. In complying with this Data Protection Act of 1998, individuals and organizations ensure legal acquiescence to avoid fines, to make business management better, and to keep customer security.
The Data Protection Act 1998, Part Two (Rights of data subjects), Section 11, Office of Public Sector Information, information accessed on 6th September, 2007