Clouding over

Simon Hodgett

Oct 20, 2014

Staff, Toronto Star


Cloud-based services are increasingly tempting small businesses. Accessible from an endless number of devices and locations, by countless people, complete with seemingly endless storage – it’s no wonder companies are flocking to house their data in the cloud.

But that means handing over sensitive data — including that of your clients or customers — to another business. And that can open up holes in a company’s digital security.


While storing sensitive information on cloud services may open up new risks, many big cloud providers have more elaborate security than the average small business, says Simon Hodgett a partner at law firm Osler, Hoskin & Harcourt whose area of specialization includes corporate cyber security.

The most important thing for a business is to do their due diligence and ask the right questions before they entrust their sensitive data to someone else, he says.

“Always look at the contract,” says Hodgett. “Most of these services don’t take on a lot of liability.”

Business owners should familiarize themselves not just with the legal implications of third-party services but also a practical understanding of how they work, including a basic understanding of encryption.

They should know “what happens to your information, where it’s going and how it’s going to come back,” and anything particularly important should be backed up, he adds.

If a customer’s sensitive information is stolen from a cloud-based service, that could also open the business using that service to legal liability under federal and, in some cases, provincial privacy laws.


Hodgett says the big question will be: “Was it appropriate for you to put that information there in the first place?”

If a business has done its homework and cooperates with the privacy commissioner, that risk can be mitigated, he says.


Read the full article