Privacy Issues in Cloud Computing and Mitigating Strategies

Privacy Issues

Sensitive information that must be held private are include:

Personally Identifiable Information (PII) : These are information that have close connections with the name or address of any individual which could be used to identify or locate people or information that can be potentially correlated with the other information to identify an individual (for example, postal code, credit card number, Internet Protocol (IP) address).

Sensitive Information : These are private information that can be used to describe a person or a way of life. These include health records, religion or race, sexual orientation, union membership, and so on. The other information that may be considered sensitive include personal financial information and job performance information. PII considered to be sensitive include the collection of surveillance camera images in public places or biometric information.

Usage Data : Usage data is data that is collected from computer devices like printers and behavioral information such as viewing habits for digital content, users’ recently visited websites or product usage history.

Unique Device Identities : The other types of information that can be uniquely traceable to a user device are IP addresses, Radio Frequency Identity (RFID) tags, and unique hardware identities.

Mitigating Risks

To mitigate the risks relative to information security and privacy, the following questions need to be addressed.

  • Who are the stakeholders involved in the transaction or communication?
  • What are their roles and responsibilities?
  • Where is the data kept?
  • How is the data replaced?
  • What are the relevant legal rules for data processing?
  • How will the service provider meet the expected level of security and privacy?

The main privacy and stakeholders are as follows:

The cloud service user : Being forced or persuaded to be tracked or give personal information against their will, or in a way in which they feel uncomfortable.

Organization using the cloud service : Failure to comply with business policies and legislation, credibility and loss of reputation.

Developers of cloud platforms : Exposure of sensitive information stored on the platforms (potentially for fraudulent purposes) , loss of reputation and credibility, lack of user trust, legal liability and take up.

Cloud service providers : Loss of reputation, legal non-compliance, ‘function creep’ using the personal information stored on the cloud.

The data subject : Exposure of personal information.