Cloud Computing Policy – Is your head in the cloud?

Most employers will have a solid IT and communications system policy. If you have no other IT policies, then make sure this is a good one. However, this will hopefully be supported by a Bring Your Own Device to Work (BYOD) policy and a Social Media Policy. In the mix you can also have a Homeworking Policy for those who have employees who work off site and a Data Protection Policy can be helpful. However, with the advances in modern technology, have you checked that your policies up to date and do they cover use of the cloud?

Cloud computing services are essentially application and infrastructure resources that users can access via the Internet. These services are owned, controlled and run by an external provider and you access these as “services”. For example, in everyday use, you may use these platforms with Apple, Google, Microsoft, Dropbox and Amazon as a customer.

Many businesses now see the fantastic benefits of cloud computing given the flexibility it can offer - from increased storage and data handling capacity to reduced in-house IT costs. At the same time, the risks can be great, given the control you sacrifice to the service provider. You are also at risk of service reliability and stability issues, for example, a sudden loss of service or loss of data without notification.  There is also increased risk over the security, data confidentiality and location of the data.

Studies show that employees have admitted to uploading sensitive company information to file sharing or personal cloud storage apps, and have also used personal email and cloud storage apps to access data from their jobs. This access could continue after an employee has left your business, therefore bypassing your IT infrastructure and safeguards.

My top tips for you are therefore:

•  check your policies are up to date -  this means they cover cloud usage, restrictions on using services outside your own infrastructure to include higher risk activities, like accessing your systems remotely;
• ensure that your employees are fully aware of these policies and they form a part of your inductions and ongoing training;
• ensure you have considered what safeguards you put in place to ensure that cloud computing service use meets with your:

        - data protection requirements;

        - client/customer confidentiality;

        - business continuity; and

        - other regulatory and professional conduct obligations (if these apply);

• consider whether you need a separate cloud computing policy, if the needs of your business dictate.    

For advice and guidance on cloud computing policies please contact me. Paula Squire, Senior Associate in the Employment and HR Team, Clarke Willmott LLP: [email protected] / 0345 209 1200  or 0117 305 6200.