recent work

ICO Publishes Guidelines for personal data held in the Cloud

The ICO has issued a new code of practice for businesses that hold personal data in the cloud. This code of practice has been designed to help businesses comply with the law, by querying how cloud providers protect their data, and addresses how the Data Protection Act applies to information processed online (including how a company should operate internationally). 

‘The cloud-computing code of practice will help [SMEs] not just comply with the law, but to run their businesses well’  Iain Bourne, the ICO’s group manager of policy delivery states. At the moment, if a cloud provider compromises the security of its client’s data, the responsibility still lies with the client, or the business. This code of practice is available at as a downloadable document.


As Absolute Data has been working with for around 18 months, it fully understands the concerns around the stories of data in the cloud. However, in Absolute Data’s experience, represents a very secure, well -managed and manageable environment in which to store personal data although we do understand that all clouds computing providers are as professional as salesforce, nor take security matters as seriously.  The code of conduct is a great piece of work by the ICO, giving more guidance to organisations of the sorts of questions to ask and the issues to look for when selecting a cloud computing partner. We would be very happy to advise on the application of the code of practice – please email us at for further information.