Calling @GrumbleDook who is out expert on such matters!
Does anyone have any clarification on the below text? Local LA's are having a field day re data security at the mo.
I was considering offering this as a product to schools, however I need more info on data locations prior to doing so.
It's worth noting the text below came from an article published in Jan 2012.
'An Achilles heel?
The underlying problem that has already caused some of our legal clients to rule out Office 365 as a non-starter is caused by US legislation in their “Patriot Act” and lawyers are not alone in recognising a problem here.
The UK Data Protection Act forbids an organisation acting as a “Data Controller” to pass user data outside the European Union unless the recipient country provides guarantees as to how the data will be used. However, the Patriot Act, introduced to protect US national security, can require that any US company (wherever data is held) must disclose data on demand to the US Government without the knowledge of the owner of the data, which is contrary to the UK Data Protection Act. Microsoft has been up-front in acknowledging that they cannot give that guarantee and this applies to data held in all their hosted solutions. As a result, in December 2011, BAE ditched plans to adopt Office365 because Microsoft could not guarantee the company’s data would not leave Europe, in spite of operating a data centre in Dublin.
We have yet to see how the Patriot Act issue will unfold and perhaps it is not a concern for the average client of a law firm; or maybe even for firms of any size, but this compliance issue needs to be addressed. However, it is unlikely that Law Societies will take a definitive stance.
Otherwise, Office 365 is an option that most firms should at least check out on the free trial for now, to be able to make informed decisions about using it or other similar solutions that may become available along similar lines. Other local EU-based providers of hosted solutions that don’t have to comply with the Patriot Act may well move into this space.'
Please have a detailed look at my article around Dropbox and the role of Safe Harbor with US companies.
Also remember that in Education there are a number of instances of O365 including LGfL, Glow ... and I am presently working (supplier side) on rolling it out as part of Hwb in Wales.
It is all about the risk assessment and policies.
Thanks folks, it's also a good article, I'll keep that at hand.
So my understanding is that the google equivalent is in accordance with eu safe harbour compliance?
Also remember that it is not just where the data is stored that is something you have to consider, but what types of data is stored there too. You have to follow this up with good policies and good training. There is no point just rolling out a policy with no training. If something goes wrong it can be considered the same as if no policy was in place anyway.
Bashir (29th March 2013)
It might be useful to note that Office 365 specifically was recently given IL2 accreditation by the UK Gov't: Microsoft Office 365 Receives G-Cloud IL2 Accreditation from Cabinet Office for Use Across the UK Public Sector - Microsoft UK Government Blog - Site Home - MSDN Blogs
Microsoft has also signed up to EU Safe Harbor: Safe Harbor - Organization Information
There are currently 1 users browsing this thread. (0 members and 1 guests)