Businesses could be leaving themselves wide open to fines of up to £500,000, according to a new study, which claims more than two-thirds of cloud back-up providers do not inform customers where their data is being physically kept.
The report from Icomm Technologies is likely to make grim bedtime reading for Information Commissioner Christopher Graham, who has warned companies that they risk hefty fines if found to be using inadequate storage measures.
The Data Protection Act states that companies need to keep information secure, and that data should not be transferred to countries outside the European Economic Area unless it is properly protected.
Graham is so concerned about the issue that his office recently issued new guidelines, with the man who drew them up – Dr Simon Rice – warning: “Where personal information is involved, the stakes are high and the ICO has already demonstrated it will act firmly against those who don’t meet data protection laws.”
But according to Icomm Technologies, nearly 70% of data storage/data centre providers do not actually reveal which country, general locality or legal jurisdiction customer data is stored within.
“Our research has shown the frightening scale of cloud backup providers that are not forthcoming in sharing even basic geography of where data is stored,” said Icomm Technologies executive Ian Callens. “This suggests most users of cloud back-up aren’t concerned or even asking the question of data location as part of their due diligence.
“Equally, it suggests many providers are hoodwinking customers by not proactively revealing where data is located,” he said, adding that many are operating under the false perception that their data is protected under UK jurisdiction when, in fact, it is not.
Related stories
Cloud fears trigger ICO action
