Cloud computing allows dramatic flexibility in information processing—and on a global basis. Its technology permits data transmissions that span the globe. Computing activities now shift from country-to-country depending on load capacity, time of day, and a variety of other factors. These decisions are sometimes made in real time and by machines rather than humans.

This video produced by EletsTV was filmed at a "Cloud Computing and Government" symposium held in New Delhi, India on April 30th. This video features SafeGov's Jeff Gould speaking about the challenges of implementing cloud computing solutions for public sector customers in international markets.

I had the pleasure of having the opportunity to interview Kathleen Styles about cloud computing in education. Styles is the first chief privacy officer of the U.S. Department of Education (ED). Previously, she served as the chief of the Office of Analysis and Executive Support at the U.S. Census Bureau. Without further ado, here’s the interview.

On April 2 the French privacy authorities (known by their acronym CNIL) announced that France, and the privacy authorities in five other European countries (Germany, Italy, the Netherlands, Spain, and the United-Kingdom ), had agreed to simultaneously begin enforcement actions against Google under their respective domestic privacy laws. The enforcement actions follow a months-long investigation of Google’s privacy policy to determine whether the policy met the requirements of the European Data Protection Directive. It also follows a 4-month delay in enforcement during which the European authorities had hoped Google would modify its practices. This decision is quite significant.

Following last month’s final meeting between Google and European regulators at which “no change” in Google’s attitude was seen by European Union (“EU") regulators, at least five European countries began their own investigations into Google’s global privacy policy, promising coordinated enforcement action by summer.

Europe’s Data Protection Authorities have made a bold new move in their long-running fight to compel changes in Google’s controversial privacy policy. After repeated warnings that the policy violates the rights of European users and persistent indifference from Google, six of the 27 members of the EU’s Article 29 Working Party of national Data Protection Authorities – including France, Germany, the UK, Italy, the Netherlands, and Spain – have decided to pursue enforcement measures against Google under their respective national laws. At stake is Google’s ability to continue deploying in Europe its business model of offering free or low-cost online services in exchange for users’ personal information. However, the biggest impact of the DPAs’ move may come not in the consumer market, but in the lesser-known market for online services used by organizations such as governments and schools.

SafeGov.org today released its latest report titled “Measuring What Matters: Reducing Risk by Rethinking How We Evaluate Cybersecurity” during an event at the National Academy of Public Administration’s office in Washington D.C. The report is designed to encourage government and industry experts to collaborate and implement a more effective framework and evaluation process to enhance the government’s data protection posture.

The Department of Defense (DoD) information technology (IT) budget is investing resources on cloud computing technology. The Pentagon is replacing traditional mainframe and client-server IT systems with distributed shared-computing architectures that control storage and processing capacity on-demand. Cloud technology promises security improvement and cost reduction to government CIOs, but decision makers are challenged by the reality of operating diverse datasets, persistently provisioning resources to address network intrusions, and analyzing packet and log data for event forensics.

Massachusetts has become the first state to introduce legislation that would ban companies that provide cloud computing services from processing student data for commercial purposes. MA Bill 331 is sponsored by Rep. Carlo Basile and it was referred to the House Committee on Education on January 22, 2013. MA Bill 331 states, "Section 1. Notwithstanding any general or special law to the contrary any person who provides a cloud computing service to an educational institution operating within the State shall process data of a student enrolled in kindergarten through twelfth grade for the sole purpose of providing the cloud computing service to the educational institution and shall not process such data for any commercial purpose, including but not limited to advertising purposes that benefit the cloud computing service provider."

In a previous post, I discussed the implications of the new HIPAA-HITECH Act regulation for cloud service providers. I noted that cloud service providers would generally be deemed to be business associates (BAs) under HIPAA because any entity that “maintains” protected health information (PHI) on behalf of a covered entity or another BA is deemed a BA. Under HIPAA, BAs are directly liable to HHS enforcement for a number of responsibilities under the HIPAA Privacy and Security Rules. Moreover, a BA must be under a business associate agreement (BAA) with the entity supplying the PHI.