Cloud Storage; Good or Bad?
Cloud storage first reared its head in my school at least two years ago when a forward thinking (shall we say?) teacher asked me to install the DropBoxÂ software on his teacher machine. Â As with most of these requests, my first question was Is it safe?
Working in a school in England means we must, follow a number of laws and acts ofÂ parliament based around data security and safeguarding. Â We must follow Â The Data Protection Act 1998Â and register our organisation with the InformationÂ CommissionersÂ OfficeÂ who are the regulatory body and are a great place to find advice.
The DPAÂ states what type of information may be stored or processed, how it must be stored, and how we go about obtaining it. Â There are two types of data Personal Data & Sensitive Personal Data.
Personal Data is someones name, date of birth, sex, address, telephone number, email address etc. Â Sensitive Personal Data is a personsÂ religiousÂ beliefs, ethnicÂ origin, political opinion, trade union status, health, sexual life and criminal offences or alleged offences.
The DPA crucially also tells us where we can transfer the data to.
So who is in the EEA?
Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Who else has anÂ adequate level of proctection?
Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Itlay, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden.
Some of you may have noticed that all sorts of territories are not on the list. Â Crucially for many, the good ol’ US of A. But wait, there’s more…
Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Isreal, Jersey and Switzerland.
Although the United States of America (US) is not included in the European Commission list, the Commission considers that personal data sent to the US under the â€œSafe Harborâ€ scheme is adequately protected.
So, with all that in mind, can that teacher use drop box?
On first inspection, we find that DropBox is based in San Francisco, however searching the Safe Harbor list, their name doesn’t show up. Â However, it turns out they use Amazon strorage, and they are on the list. Â But does that make it ok? Grumbledook of edugeek explains this specific issue much better than I could.
So which platforms are ok? Â Personally I use SugarSync. Â They give you 5GB’s rather than the 2 from DropBox. Â They offer the same service (cloud storage of Â files and photos, sharing and mobile apps access) but most importantly, they comply with the safe harbor guidlines.
We have recently been asked by staff to also use the web clipping toolÂ Diigo. It’s a online web clipping and bookmark tool. Â Again it’s not based in the EEA, but it’s not on the safe harbor list either. Â Evernote however is. It offers the same services although in a slightly different way. Â It’s primarily an online note service. Â I happily sync my desktop to my laptop to my netbook, to my iPhone…
Unfortunately, the buzz word companies in the market often grow so quickly, and are so keen to improve their offerings they make mistakes. Sadly DropBox had the mother of all data breeches when they let anyone into any account for a period of four hours.
SkyDrive & Google Docs may not quite have the same functionality or level ofÂ synchronisationÂ across Â devices, but they are big names, offering a secure service, ticking the relevant data protection boxes.
Should we ban the use of DropBox and Diigo (in this example) from School? Â My answer is, probably not.
Although some of these services are classed as safe, the safest method is not to upload it in the first place. User training is key, as always.
I do use evernote for note taking in work, but I never use peoples names; Â I useÂ initials. I use Google Docs, but only for my personal files. Â I’ve made that choice, it’s my lookout if it all goes wrong. Â All school personal data stays in my own cloud, where I can touch the disks in a locked room. Â It’s a kind of mini cloud, called a Storage Area Network.
What do you think? Â Am I way off the mark? Â Should I lighten up? Block access? Please comment.