View RSS Feed


Data Protection and Safe Harbor

Rate this Entry
by , 5th June 2014 at 12:47 PM (3787 Views)
I'm a big fan of cloud services. They provide universal access to powerful software at little cost to the school, and they're convenient for both students and teachers. But data protection is a big issue to get your head around, and many schools either struggle to understand the implications of storing data online, or simply never address the issue.

I've worked with schools that have dived in head first and never considered where or how their data is being stored, and also the opposite where a Network Manager is so averse to the word "Google" that he refuses to use anything that isn't stored locally.

I sit somewhere in the middle. Cloud services can be a brilliant tool, but they have to be used and managed sensibly.

A question I get asked a lot is how do you know if the service you're using is "safe" to use. Part of the answer -- although by no means all -- is whether or not the company providing the service adhere's to the EU-US Safe Harbor framework.

The European Commission’s Directive on Data Protection which went into effect in October 1998 prevents the transfer of personal data to countries outside of the EU.
Wow, that sounds really dull. Basically it means that companies outside of the EU cannot store your personal data on servers outside of the EU.
Clearly this poses a problem. Most of the big cloud service providers — Google, Amazon, Microsoft, and Apple — are based in the US. To get around this the US-EU Safe Harbor Framework – yes, I’m sticking with the US spelling here — was created. In simple terms the framework is a set of standards that US company can use to evaluate and then join the Safe Harbor Program thereby meeting EU data protection requirements and allowing the personal data of EU citizens to be stored on US servers.
When you store data in the cloud using a service such as Dropbox, Google Drive, OneDrive, or iCloud you need to make sure that the company providing the service meets Safe Harbor standards.
To find out more about the Safe Harbor framework, check out this article.


  1. GrumbleDook's Avatar
    This has been discussed in a variety of forums and to some extent it boils down to the school completing a risk assessment on the company, including what they have placed in the Safe Harbor notice and what the school thinks the risks are for the countries where the data may be stored.


Total Trackbacks 0
Trackback URL: