Cloud computing is a growing trend and has changed the landscape of information technology, shaping not just our work environment but also our personal lives. Many of us have been using cloud computing for years on a daily basis through web-based email, social media and other applications. The rapid adoption of cloud computing especially by organisations, and the fact that more and more sensitive commercial and personal data is being stored on the cloud, has raised concerns about whether cloud computing platforms are sufficiently secure.
While there may be laws and regulatory requirements intended to mitigate the security and data privacy risks associated with the use of cloud computing platforms, organisations still remain cautious today in adopting cloud computing solutions. Many prefer to remain in waiting mode to evaluate how these risks can be appropriately managed while the solutions deliver the promised value. However, as more organisations come to terms with the associated risks, they will be better positioned to see the simple but powerful business case for cloud computing. This paper seeks to address these concerns by highlighting the key legal and regulatory issues that impact the adoption of cloud computing from a Singapore perspective and demonstrating that with the right guidance and partner, organisations need not avoid adopting cloud computing solutions.
The Singapore government has chosen to adopt a “cloud friendly” policy as seen by the Singapore government’s own adoption of cloud computing for government services. In recent years, there have been efforts by the Info-communications Development Authority of Singapore (IDA) to address the issue of cloud computing standards and to promote the adoption of cloud computing in Singapore. Singapore has also adopted a light-handed approach in terms of legislating the adoption of cloud computing and the collection, use and transfer of personal data.
While any legislation regulating the collection, use and transfer of an organisation’s data tend to be sector specific with a greater emphasis being placed on the financial services sector and protection of government information, the recently enacted Personal Data Protection Act (PDPA) now complements existing sector specific legislation to support and enable the growth for cloud computing in Singapore. As many cloud computing service providers use data centers in the USA, one issue that is constantly debated is the USA Patriot Act. This paper also seeks to dispel the notion that the Patriot Act provides the US government agencies unfettered access to data held by the cloud computing service providers.