Cloud Customers Need to Ignore Patriot Act Scare Stories, According to New IDC Study
"Scare stories over the Patriot Act abound, but they are fallacious," said David Bradshaw, IDC research manager for European public cloud services. "The Patriot Act is nothing special, indeed data stored in the U.S. is generally better protected than in most European countries, in particular the U.K."
Almost all countries have similar legislation that gives the authorities a means to requisition data on cloud services - and stored anywhere in their jurisdiction - in order to investigate and prevent acts of terrorism. The issue is ensuring that these powers are used only when absolutely necessary.
The Gold Standard for Regulating Access to the Cloud
The "gold standard" is that government agencies are required to seek a court order for any access to data, and that cloud vendors are not allowed to give up customers' data without a court order, other than in truly exceptional circumstances such as imminent danger of loss of life. This is the case in the U.S., where all access to cloud data requires a court order.
However, most European countries are less stringent in their requirements. As a result, data stored in the U.S. is arguably better protected with legal safeguards than data stored in most European countries. In particular, the U.K. has weaker legal controls, and this may become a barrier to organizations in other European countries adopting services that store data in the U.K.
What do User Organizations Need to Do?
Users need to ignore the Patriot Act scare stories. Most large organizations will already be using services, such as outsourcing, where their data is stored on a service vendor's system. Adopting cloud services brings nothing new to these customers; indeed with many cloud vendors storing data in the U.S., your data will arguably enjoy far more stringent protection.
For smaller organizations, cloud services should primarily be evaluated on the business value they bring to you. Data location is a far smaller consideration, and should not be a big concern for the vast majority of users, particularly those in the U.K.
To Learn More
The study, Government Access to Cloud Data: Impact on Users, Vendors, and Markets (IDC #SP54U, October 2012), was written by David Bradshaw and is published on idc.com. Subscribers to IDC's European Public Cloud: SaaS, PaaS, and IaaS program and certain IDC services will have access to the study as part of their service. Otherwise, interested parties should contact their local IDC office.
IDC Central Europe GmbH
IDC is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make fact-based decisions on technology purchases and business strategy. More than 1,000 IDC analysts provide global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries worldwide. For more than 44 years, IDC has provided strategic insights to help our clients achieve their key business objectives. IDC is a subsidiary of IDG, the world's leading technology media, research, and events company. You can learn more about IDC by visiting www.idc.com.