The Italian Data Protection Authority (Garante) published, on 24 May 2012, a Guide on Cloud Computing entitled 'Cloud Computing - How to Protect the Data from Not Falling from the Clouds', directed at private enterprises and public administration.
In particular, the Guide suggests businesses and government authorities inspect reliable suppliers when choosing a service provider, prioritise services that promote the portability of data, ensure the availability of data in case of need, and select the data to be included in the cloud. The Guide also recommends not losing sight of the information and consulting on where the data will actually reside, as well as being aware of contractual clauses and checking times and storages (agreed) of data. The Guide also recommends adequate measures of security and staff training.
© 2013 Cecile Park Publishing Ltd. All rights reserved
''The Guide is an extensive and useful tool providing guidance on a series of different issues dealing with duties, liabilities, right and opportunities of all parties involved in the provision of cloud services'', Rocco Panetta, Partner at Panetta & Associati, told DataGuidance. ''Legal entities, both national or multinational, can find in the guidance a number of best practice and/or interpretation of laws and regulations to be applied in case of activities carried out in a cloud context.''
Panetta said: ''[The Guide] is the first important interpretation document touching the most sensitive issues in the cloud. The most challenging provision deals with the appointment of cloud providers as data processors, while consumers and operators shall remain autonomous data controllers. While this is something that could be implemented with respect to two different companies providing outsourcing services in the cloud, this is risky and likely impossible to implement in relationships between individuals and cloud providers.''
More specifically, the first two chapters of the Guide - 'What is Cloud Computing' and 'Different Clouds for Different Demands' - provide definitions and the types of usages possible. The third chapter, 'The Legal Framework', provides an overview of the current legal regulations in place. The 'Evaluation of the Risks, Costs, and Benefits' chapter offers a Questions & Answers section explaining the main criteria in evaluating the risks, costs and benefits. Finally, 'The Ten Commandments of an Informed Choice' chapter offers practical suggestions.