Consumer Tips: Cloud Computing Privacy Tips

February 23, 2009

By Robert Gellman and Pam Dixon

Tips for consumers:

  • Read the Terms of Service before placing any information in the cloud. If you don’t understand the Terms of Service, consider using a different cloud provider.
  • Don’t put anything in the cloud you would not want the government or a private litigant to see.
  • Pay close attention if the cloud provider reserves rights to use, disclose, or make public your information.
  • Read the privacy policy before placing your information in the cloud. If you don’t understand the policy, consider using a different provider.
  • When you remove your data from the cloud provider, does the cloud provider still retain rights to your information? If so, consider whether that makes a difference to you.

Will the cloud provider give advance notice of any change of terms in the terms of service or privacy policy?

Tips for business or government:

  • Beware of “ad hoc” cloud computing. Any organization should have standardized rules in place telling employees when and if they may utilize cloud computing and for what data.
  • Don’t put anything in the cloud you wouldn’t want a competitor, your government, or another government to see.
  • Read the Terms of Service. Then read the Terms of Service again.
  • Make sure that you are not violating any law or policy, by putting data in the cloud, and think twice before putting any consumer data in the cloud.
  • Consult with your technical, security or corporate governance advisors about the advisability of putting data in the cloud.

For More Information on Cloud Computing:
See World Privacy Forum’s report on Cloud Computing, Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing <>.

For updates to the report, these tips, and other documents related to the report, see the World Privacy Forum’s Cloud Privacy page at: <>.