Question

As employer are in a shift to more cloud computing and cloud storage, what is the effect to our expectation of privacy?

Include dangers to users of social media and What remedies are available to victims and how do these differ from remedies victims of traditional crimes and torts?

Answer 1

More employers are using and adapting their IT infrastructure to cloud computing and cloud storage. The effect of our expectation of privacy is, there is privacy as well as security. The public cloud service providers' main goal, concern, job zero, and the number one priority is to provide privacy and security to their customers' data in the cloud. However, from a different perspective or rather from the controlling perspective, yes, employers do not have much control over their data in the cloud as the data are stored in remote servers in different geographic regions sometimes scattered across in different countries. Unlike saving and storing data on servers in a company's own data centers, they would have 100% control, responsibility, privacy, security, and even, management and administration. However, this is not the case with cloud computing.

Employers' privacy of their data will be under a threat only if hackers and attackers attack the public cloud service providers' IT infrastructure or their data centers. The moment an employer uploads any data onto the cloud platform of a public cloud service provider, data privacy becomes a concern and is questionable. Also, the public cloud service providers are required to agree with their customers on maintaining the privacy and security of their customers' data and they will not use and their data without proper business justifications and upon their customers' consent to do so. Once any employer puts his data on the cloud, the data will be there forever and even on the Internet.

There are many privacy concerns such as:
* Data security and privacy.
* Data accessibility and portability issues.
* Data deletion or destruction in the cloud.
* Compliance, legal, and regulatory requirements.
* Storage details and location of our data storage.
* Data monitoring and auditing.
* Data tracking through cookies, apps, etc.
* There is a concern or misconception cloud computing has the ability and potential to be privacy disabling.

Sensitive medical information of patients, users, and customers saved and stored in the cloud should be properly controlled, managed, and stored protecting their privacy, confidentiality, availability, accessibility, and integrity. These patient data are Protected Health Information (PHI), medical prescriptions, reports, and records, and payment records, payer and provider employee data, and wired and wireless (Internet of Things) IoT medical devices data ubiquitous in healthcare domain and environments.

Hence, proper policies and agreements are to be made between the cloud service providers and their customers on the privacy of their data. Customers, companies, and employers though need not be anxious about data privacy, as the very purpose of the cloud service providers to provide cloud computing and cloud storage services, solutions, etc., is to provide their customers data privacy and security. Our privacy concerns are increasing, the concerns are important, and definitely be address in the online world.

Dangers included to users of social media, the remedies available to victims, and how these differ from remedies victims of traditional crimes and torts:
Users who post their confidential, private, personal, sensitive, and critical data on social media will remain there forever, as the data are replicated on servers storing them as the services are run on the cloud platform. The users' data are replicated, shared, posted, and sent to different servers, users, and computer systems on the cloud and offline instantaneously, automatically, globally, both legally and illegally, seamlessly, without much of warning and awareness, as everything completely is digital with sophisticated technologies. Hence, it will be difficult to undo anything such posts, shares, comments, files sent or received, as some of the data might even be replicated and stored safely offline without the owner or the user's knowledge and it is difficult to control, stop, and regulate it.

The victims of traditional crimes and torts, such as posting, sharing, copying, printing, editing hard copies of data, text, photos, recording audio files, making copies of video files the considerable amount of time as most of the efforts are physical, manual, and electro-mechanical in nature. The bad consequences are less, it takes a lot of time for the data to propagate even within small distances. These traditional crimes were controllable as the authorities, security officers, CIAs, FBIs, Police departments, military or defense knew where the attacks came from as, they could see, touch, smell, and feel them as everything was physical and mechanical.

Both, cloud service providers and the users, employers, and customers should follow the shared responsibility model of security as a best practice to ensure data privacy and security, where the cloud service providers handle the security of the cloud whereas, the customers handle security in the cloud. Cloud service providers should conform to ISO/IEC 27018, which is the international set of privacy controls in the cloud.

Remedies:
* Enable default block for any access to private data, features, service, etc.
* Ensure the cloud system is updated with strong data security features.
* Do not disclose personal, private, social, professional, and other critical information on the cloud unless it is absolutely necessary.
* Everything and every data should be kept in the private mode, and only explicitly the data should be made public with one's knowledge and consent, and with proper business justification or genuine reason.