March 24, 2008
Patriot Act Compliance Causes Google a Headache
According to a Globe and Mail article today , the Patriot Act may cause many organizations to wonder about using Google's free office productivity software. The issue is that the organization's data is stored on Google's servers. Therefore, they are potentially subject to search and review by US government law enforcement services. This could occur without the knowledge of the end user. This is due to the expanded powers granted to the US government after 9/11 in the law known as the Patriot Act.
The concern becomes that any company who houses another company's data, hosting services for example, may be subject to requests from the US federal government to view confidential data. The organization housing the data may not be able to deny the requests.
An excerpt from the article is here:
"The privacy issue goes far beyond academia. In Toronto, at SickKids Foundation, which has the largest endowment of any Canadian hospital, employees have been keen to use Google tools. But the foundation's IT department blocked access for two reasons.
"Wherever possible, we keep our donor and patient records in Canada, as trying to enforce privacy laws in other jurisdictions is complex and expensive," said Chris Woodill, director of IT and new media at SickKids Foundation. Second, free hosted software offers limited support and no formal legal contract, limiting an organization's ability to demand additional privacy or security measures, he said.
Google says it has a strong track record in regard to protecting customers' data. The firm cites a court case it fought in 2006 against attempts by the U.S. Justice Department to subpoena customer search records. "We will continue to be strong advocates on behalf of protecting our users' data," said Peter Fleischer, Google's global privacy counsel.
But the Mountain View, Calif.-based company will not discuss how often government agencies demand access to its customers' information or whether content on its new Web-based collaborative tools has been the subject of any reviews under the Patriot Act."
Even if data is not housed in the US, if a hosting company for example, does business in the US, there could be such a request made to the hosting company, citing national security. It does bring interesting questions into play about allowing any outside organization to house and safeguard your data.
The concern becomes that any company who houses another company's data, hosting services for example, may be subject to requests from the US federal government to view confidential data. The organization housing the data may not be able to deny the requests.
An excerpt from the article is here:
"The privacy issue goes far beyond academia. In Toronto, at SickKids Foundation, which has the largest endowment of any Canadian hospital, employees have been keen to use Google tools. But the foundation's IT department blocked access for two reasons.
"Wherever possible, we keep our donor and patient records in Canada, as trying to enforce privacy laws in other jurisdictions is complex and expensive," said Chris Woodill, director of IT and new media at SickKids Foundation. Second, free hosted software offers limited support and no formal legal contract, limiting an organization's ability to demand additional privacy or security measures, he said.
Google says it has a strong track record in regard to protecting customers' data. The firm cites a court case it fought in 2006 against attempts by the U.S. Justice Department to subpoena customer search records. "We will continue to be strong advocates on behalf of protecting our users' data," said Peter Fleischer, Google's global privacy counsel.
But the Mountain View, Calif.-based company will not discuss how often government agencies demand access to its customers' information or whether content on its new Web-based collaborative tools has been the subject of any reviews under the Patriot Act."
Even if data is not housed in the US, if a hosting company for example, does business in the US, there could be such a request made to the hosting company, citing national security. It does bring interesting questions into play about allowing any outside organization to house and safeguard your data.
