Cloud guidelines for public bodies
The European Network and Information Security Agency (ENISA) has released new reports about the obligation to report data security breaches and about the integration of cloud computing capabilities into public bodies.
Its "Security and Resilience in Governmental Clouds" report examines the pros and cons of cloud services for public bodies and particularly attempts to identify potential risks involved in the processing of classified information. The report said that while commercial cloud services offer good cost effectiveness, they don't offer public bodies any control over the service; for example, to ensure that applicable laws and regulations are observed. Consequently, it only recommends the use of such services for non-critical applications. Furthermore, it is questionable whether service accessibility and reliability is satisfactory across all EU countries, said the report. Various sample scenarios offer guidelines for decision-makers about whether using cloud services is advisable in their public body or community.
The "Data Breach Notifications in Europe" report examines the way telecommunications providers currently handle data breaches. Since the beginning of 2010, an obligation to report data breaches, for instance when personal data is copied following a web server break-in, has been in force across the EU.