Cloud Computing Services
The UK Information Commissioner (ICO) has published guidance on cloud computing services which includes this definition: ‘cloud computing services offer organisations access to a range of technologies and service models typically delivered over the internet’. In the accompanying overview, the ICO states:
‘Organisations that maintain and manage their own computer infrastructure may be considering a move to cloud computing to take advantage of a range of benefits that may be achieved such as increased security, reliability and resilience for a potentially lower cost.
By processing data in the cloud an organisation may encounter risks to data protection that they were previously unaware of. It is important that data controllers take time to understand the data protection risks that cloud computing presents’.
The University’s IT Services offer a range of internally hosted cloud services which staff and students must consider first before then investigating the transfer of personal data (or confidential / commercially sensitive University information) to an externally hosted service. If it is agreed that the University is unable to provide what is required, any staff member intending to use an external service must:
- Refer to the ICO’s guidance and in particular the checklist at s.98 which covers these headings: ‘Risks, Confidentiality, Integrity, Availability & Legal’
- Consider and where necessary seek legal advice on the terms of the agreement with the cloud provider
- Ensure they can demonstrate that they can satisfy the legal requirements of signing up to the service
- Seek the written approval of their line manager
- Consult the Senior Governance Officer (Records Manager)
Using Cloud Computing Services for events management or advising students about advertised Cloud Services
In response to the increasing use by staff of external cloud computing services for ticketing/event registration purposes and organisations which are advertising or offering their services to the student community, this specific guidance on these types of services and what you should do with them has been developed.