Comments to the Los Angeles City Council:
Public Policy Ramifications of Cloud Computing


Send to PrinterSend to Printer


Copyright © 2009-2014
Privacy Rights Clearinghouse
Posted July 21, 2009

July 20, 2009

To the Members of the Los Angeles City Council

Information Technology and General Services Committee

        The Honorable Tony Cardenas, Chair

                and ITGS designated staff member Eduardo Soriano Hewitt

        The Honorable Bernard Parks

                and ITGS designated staff member Lorenzo Briceno

        The Honorable Herb Wesson

                and designated ITGS staff member  Edward Johnson

        and

        Legislative Assistant Adam Lid

Dear Sirs:

I am writing to express concern about the proposal for the City of LA to implement Google Apps for its e-mail and office systems.

I am concerned about the propriety of a government entity using services that are “in the cloud,” so to speak, as repositories for sensitive personal and organizational information.

I question if enough is yet known about the privacy, security and confidentiality of personal information in a cloud environment.

There are two concepts I would propose in analyzing this proposal. The first is stewardship – the responsibility of the City to ensure that personal information it collects, holds, analyzes, merges with other information, and disseminates is fully protected from illegitimate access and uses. Key questions include these:

 

  • Is a cloud environment going to provide sufficient protection for such sensitive information?
  • Does the City’s stewardship role in regard to personal information preclude movement of personal information to a cloud environment?

 

Second, I recommend that the City consider a rigorous privacy and security impact assessment about the cloud computing proposal. This process would include a thorough risk analysis.

The purpose would be to leave no stone unturned in examining every possible scenario in which sensitive personal information could be compromised in a cloud environment. Such an assessment should include a legal analysis in which relevant state and federal privacy-related laws are reviewed vis-à-vis the cloud computing proposal.

In conclusion, it is vitally important that the City of Los Angeles ensure that sensitive personal information in its possession is adequately safeguarded in a cloud environment.

If you are interested in learning more about privacy impact assessments, I am happy to suggest some resources.

Thank you for your consideration,

Sincerely,

Beth Givens, Director

Privacy Rights Clearinghouse

Related links:

 


X

Sign In!

Loading