You may wonder what the data gathering antics of the USA government (the NSA and the PRISM data gathering system – revealed by whistle blower – Edward Snowden) mean for our sector.
To my mind, if you are using the services of one of the named Cloud providers (Microsoft, Google, Facebook, Apple etc.), then you will effectively be sharing your data with the US Government.
It’s not just me being alarmist. Indeed the EU has written to the US with a list of concerns.
Also Sweden’s data protection authority this week issued a decision that prohibits the nation’s public sector bodies from using the cloud service Google Apps. Google’s linked data policy allows it to collect information about its users across all its products, services and websites and store it in one place. This has been criticised by many organisations including Microsoft, all of whom have expressed concerns that it’s difficult to tell which data Google collects and how it’s used.
Link that to the Prism data collection system and we have open season.
Why is this important? Well, potentially, if your data is about clients, it probably contravenes our own Data Protection Law. Some charities keep all their files (or back it up) in cloud based storage rather than a server. Most of that data is held on servers in the US.
Further some cloud based applications (e.g. Microsoft 365) are based in the US.
So what can charities do about it?
Well, quite a lot actually.
Firstly, if you have not already got one, get yourselves a server on-site. Being a charity you have access to very cheap software –including server software – through the charity Technology Exchange. This means that you should be able to get a new server, set up and installed for around £2000 plus VAT. Then you hold your key data.
Secondly, if you are buying a cloud based package – ask where the data is stored.
There is the so-called ‘Safe Harbour’ scheme (which says that the US Government will respect the privacy of data from outside the US) but it is now of questionable value given Prism.
States across the EU are now asking serious questions. See: http://www.guardian.co.uk/world/2013/jun/10/european-reaction-us-surveillance-revelations/ .
Currently we have a situation where the US Government can access data for its own reasons without complying with the laws in the countries where users are based.
We all tell our kids to be careful on the net. We need to take care ourselves.