Welcome!

Cognitive Computing Authors: Yeshim Deniz, Pat Romanski, Liz McMillan, Elizabeth White, Zakia Bouachraoui

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Containers Expo Blog, Cognitive Computing , Cloud Security

@CloudExpo: Article

ICO Guidance Highlights the Need for UK Data Control

A useful and informative report on cloud computing

By David Canellos
PerspecSys President and CEO

The UK Information Commissioner's Office (ICO) recently published a useful and informative report on cloud computing that provides key guidance for companies using or considering cloud services in the UK. The guidelines intend to help organizations comply with the 1998 Data Protection Act (DPA), and they offer welcome assistance for private and public enterprises struggling to avoid stiff non-compliance penalties from the watchdog agency.

The ICO emphasizes that cloud customers are responsible for ensuring data protection, whether they know it or not. Many businesses simply don't realize that data protection is their responsibility when processing is outsourced to a third party (i.e., a cloud provider).

The ICO makes several recommendations about how to assure cloud provider security measures and mitigate data access risks, including physical inspections of cloud provider facilities, third-party audits of security systems, and ongoing procedural reviews and updates. And what really makes sense is for the data controller to have a written contract with the data processor that places the same legal obligations on the processor as on the data controller itself. This becomes critical when you get down to the details of the DPA, which restrict data transfer outside of the EU without adequate protection for the rights and freedoms of data subjects. But by its very nature, cloud computing makes this difficult as data can be stored or processed on servers located anywhere in the world. In some cases, cloud providers can't even pinpoint where data is being stored at a given time, much less cloud customers. Reasons such as this make cloud service providers reluctant to agree the sorts of contractual requirements the ICO suggests.

Realizing that there is no such thing as an iron-clad SLA, the ICO encourages businesses to look for way to maintain control of their sensitive information. As a critical part of the guidance, it underlines encryption as a means to protect personal data in transit or at rest. With encryption, data controllers can maintain and enforce their own security measures at all times. The PerspecSys cloud data protection solution helps data controllers comply with UK laws because any information that is stored or processed in the cloud can be encrypted or tokenized, rendering it undecipherable. This gives organizations a practical, technically feasible way to overcome data privacy restrictions, take advantage of the cloud's numerous benefits, and maintain legal compliance.

The ICO also mentions another potential encryption benefit that pertains to international law enforcement. Foreign law enforcement agencies may have the power to demand access to personal data stored in foreign data centers. By storing encrypted rather than clear text information in the cloud, companies are further able to protect data subjects' privacy rights.

For more insight into these issues, check out PerspecSys' new whitepaper, Data Privacy & Compliance in the Cloud. Available for download from our website, the paper discusses how encryption and tokenization (which can be extremely valuable for organizations with data residency requirements) satisfy legal requirements and industry mandates associated with protecting sensitive data in cloud applications.

Read the original blog entry...


PerspecSys Inc. is a leading provider of cloud data security and SaaS security solutions that remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. Based in Toronto, PerspecSys Inc. is a privately held company backed by investors that include Intel Capital and GrowthWorks.

More Stories By David Canellos

David Canellos is a security veteran who is now President and CEO of PerspecSys. An entrepreneur specializing in bringing innovative security and privacy solutions to market, he has been instrumental in establishing PerspecSys as the leader in the Cloud data Protection Gateway market.

Before joining PerspecSys, David held executive positions at Irdeto Worldwide, which acquired the company he led, Cloakware, which was a pioneer in encryption and digital rights management. Before joining Cloakware, he was the General Manager and Vice President of Sales for Cramer Systems (now Amdocs), a UK-based company, where he was responsible for the company’s revenue and operations in the Americas. Prior to his work with Cramer, David held a variety of executive, sales management and business development positions with the Oracle Corporation, Versatility and SAIC.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of ...
DXWorldEXPO LLC, the producer of the world's most influential technology conferences and trade shows has announced the 22nd International CloudEXPO | DXWorldEXPO "Early Bird Registration" is now open. Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.