Privacy warning on cloud computing

May 8, 2015 - 7:36am

During Privacy Awareness Week the Queensland Government Chief Information Office (QGCIO) and the Office of the Information Commissioner (OIC) are taking the opportunity to warn Departments and Agencies to consider the implications for security and privacy when using devices and apps in their work.

They are particularly concerned when information is transmitted internationally.

OIC’s Principal Privacy Officer, Lemm Ex said the Information Privacy Act 2009 (Qld) allowed personal information to be transferred out of Australia only when certain conditions were met.

"Many mobile apps and services available on smart devices are in fact cloud services with the service provider based overseas. As such, Government Agencies should assess the terms and conditions of the services or apps to ensure personal information transferred overseas through their use has the equivalent privacy protections as the information has in Queensland," Mr Ex said.

Agencies were also urged to consider any other confidentiality and secrecy legislation that may apply.

Chief Information Officer, Andrew Mills said the ICT-as-a-service offshore data storage and processing policy and associated guidelines could help Agencies assess what security classified information could be transmitted offshore.

"As more government workers use consumer cloud products, for example, Dropbox for sharing large files, it is vital they understand their obligations to keep personal and confidential information secure and what these technologies can and cannot be used for in the workplace," Mr Mills said.

"With a variety of devices and apps on the market it is natural to have high expectations of how IT can support workplace productivity. However, as part of the risk assessment of new tools it is important to investigate whether saying 'no' to a technology is the only solution,” Mr Mills said.

Guidelines for the use of cloud computing are available here