Cloud Storage Privacy Policies: What It All Means

Cloud storage privacy policies outline how user data is collected, stored, and accessed by the service provider, ensuring transparency and security for users. Understanding these policies is crucial to safeguarding personal information and ensuring compliance with data protection regulations.

This is box title

Cloud Storage Privacy Policies: What It All Means

Privacy policies in cloud storage services are crucial for understanding how your data is collected and used. provides insights into the basics of privacy policies and their significance. While security focuses on preventing illegal access to your content, privacy pertains to the restrictions on legal access and the usage and sharing of your data by cloud providers. Privacy policies are agreements that outline the data collected, its purpose, and how it is utilized. These policies vary across countries, but in the United States, the Federal Trade Commission (FTC) has developed guidelines called the Fair Information Practice Principles (FIPPS), which encourage businesses to follow five core principles. Although FIPPS is not legally binding, it is based on a broader set of laws that offer remedies for misuse of information.

When reviewing a privacy policy, it is important to look for specific details. For instance, a good privacy policy should specify the types of information collected and explain how they are used. As an example, Carbonite, a backup provider, is cited as a cloud storage service with a comprehensive and easily understandable privacy policy. Carbonite collects personal information such as name, address, email, and billing details, as well as diagnostic information like IP addresses and browser data. Carbonite also mentions that it stores data in encrypted form and does not view the contents of stored data without the user’s consent, except in legal matters or breaches of their terms of service.

If you have concerns about targeted marketing, Carbonite allows users to opt out of having their information used for that purpose, and you can set your browser to reject cookies to limit targeted marketing. Carbonite also complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Safe Harbor Framework, which provide guidance on protecting personal information and legal actions in case of violations.

While privacy policies offer some level of protection, individuals can take additional steps to safeguard their privacy. Using virtual private networks (VPNs) can help counter targeted marketing, government surveillance, and hacking attempts by masking your IP address and location. For enhanced security, considering providers that offer zero-knowledge encryption, where only the user possesses the encryption key, can ensure that even the company hosting the data cannot access it without the key. provides further recommendations and alternative cloud storage options for users concerned about their privacy.

In summary, understanding and reviewing privacy policies, utilizing VPNs, and considering zero-knowledge encryption options can help individuals protect their private information in cloud storage services.


This is box title

What Cloud Security Really Means — Confidentiality and Privacy

Cloud security is a critical concern for organizations considering storing data in the cloud. The primary focus of cloud security is ensuring the confidentiality and privacy of data. Confidential data refers to sensitive information that is not meant for public consumption, while private data is subject to even greater protection. Breaches of confidentiality can occur accidentally or intentionally, both internally and externally. Similarly, privacy breaches can occur through accidental or purposeful actions, compromising personal information. Notification of breaches is generally not mandatory.

Information security plays a crucial role in protecting confidentiality and privacy in the cloud. It encompasses technical security and logical access controls. Technical security pertains to the configuration and physical security mechanisms of the technology, while logical access controls determine data access within the system. Both aspects should adhere to required standards and best practices. When choosing a cloud service provider, it is important to ensure that they have implemented robust information security infrastructure and policies.

Privacy compliance is particularly complex as it often depends on the jurisdiction of the affected individuals rather than the organization’s location. Compliance requirements, fines, and remediation procedures vary accordingly. Therefore, it is essential to understand the privacy compliance capabilities of the service provider and obtain necessary assurances, especially when dealing with regulations like HIPAA and PCI DSS.

While cloud service providers generally have strong information security capabilities, breakdowns in cloud security are often attributable to the customer’s actions. Organizations must take responsibility for the technical and procedural aspects of cloud security. Configuration errors or inadequate training within the organization can lead to breaches. Identifying which data is subject to specific requirements is crucial for securing it appropriately and effectively communicating those requirements to the cloud service providers.

Protecting privacy is vital to safeguard an organization’s reputation. Breaches of privacy typically require notification, resulting in potential fines, penalties, and remediation costs. These consequences are often imposed on the organization that owns the data rather than the cloud service provider. Therefore, organizations must prioritize data protection to avoid reputational damage and financial liabilities.

For further inquiries, comments, or feedback, you can contact Donny Shimamoto via email at or by phone at (866) 737-9991 ext. 200.


This is box title

Best Privacy-First Cloud Storage Services

Cloud storage services like Dropbox, Google Drive, and Microsoft OneDrive have become popular for their flexibility, speed, and affordability. However, when using these services, you are entrusting them with the security and privacy of your data. While they encrypt your data, they also have the ability to decrypt it, potentially compromising your privacy. This has led to a demand for cloud storage services that prioritize privacy and security.

Secure cloud storage services provide you with control over the encryption and decryption keys of your data. This means that even if compelled by authorities or hacked by third parties, the service cannot access your data without your encryption keys. These services employ various techniques, such as secure facilities and advanced encryption algorithms, to enhance the security of your data.

Several secure cloud storage services have been reviewed, including:

1. NordLocker: It offers encryption and cloud storage capabilities, allowing you to encrypt files in a special folder called a locker. NordLocker provides its own secure cloud storage and is compatible with other services.

2. Tresorit: This service utilizes end-to-end encryption and offers comprehensive features for individuals, teams, and businesses. It is compliant with various data protection regulations and provides tools for managing user data.

3. It offers zero-knowledge cloud storage based in Canada. provides secure storage, unlimited bandwidth, and team-oriented features, making it suitable for businesses.

4. Nextcloud: Unlike other services, Nextcloud is an open-source system that allows you to store data on your own servers or third-party servers. It is versatile, expandable, and offers features like document sharing, email management, and calendar synchronization.

5. Mega: This popular cloud storage service offers consumer-oriented zero-knowledge encryption and provides desktop and mobile clients for major operating systems. Mega includes a free plan with 15 GB of storage and offers business plans with unlimited storage and additional features.

When choosing a secure cloud storage service, it is important to consider the country where the service is located and where your data is stored. Different countries have varying data protection laws, so opting for a service based and storing data in a privacy-friendly jurisdiction is advantageous.

To ensure data security, encryption should be implemented during data transit and while data is at rest. Transport Layer Security (TLS)/Secure Sockets Layer (SSL) encryption safeguards data during transit, while encryption algorithms like Advanced Encryption Standard (AES-256) can be used to protect data at rest. The most secure approach is for users to control the encryption keys, encrypting data before it leaves their devices.

Overall, secure cloud storage services prioritize user privacy and provide enhanced security measures to protect sensitive data.


This is box title

How secure is cloud storage | Dropbox, OneDrive, Google Drive & iCloud

Backing up data online with a cloud storage service is a popular method of protecting important files, photos, videos, and music. This article examines the security of four well-known cloud storage services: Google Drive, OneDrive, iCloud, and Dropbox.

Google Drive offers easy and efficient data backup to the cloud, with free storage options available. However, concerns have been raised about the service’s security due to its association with the NSA’s PRISM surveillance program. Google Drive encrypts data during transmission using TLS encryption, which is highly secure. Data is also encrypted while in transit within Google’s network and at rest on their servers, using 128-bit encryption. While Google retains the encryption keys, they claim to respect user ownership and privacy, although they can use the content for improving their services and may comply with legal requests for data.

OneDrive, provided by Microsoft, also offers 5GB of free storage. Data transmitted to OneDrive is protected with robust TLS encryption using 2048-bit keys. Microsoft encrypts data at rest for business users, but it’s unclear if the same level of encryption is provided for free users. Encryption is on-the-fly, with AES 256 encryption compliant with FIPS 140-2 standards. However, being a closed-source service, it’s impossible to independently verify the level of security. Microsoft’s privacy policy allows data access for service improvement and compliance with legal requests.

iCloud, Apple’s cloud storage service, utilizes TLS 1.2 encryption with Forward Secrecy to protect data in transit. End-to-end encryption is available for some data, such as iMessages and FaceTime, but not for individual files transmitted to iCloud. Data at rest is stored using AES-128 encryption. Apple’s privacy policy permits access to data for improving services and compliance with legal requests, including pre-screening or scanning for potentially illegal content. While the level of snooping is unclear, Apple’s past collaboration with the NSA raises concerns.

Dropbox, a popular cloud storage service, uses secure TLS connections protected with AES-128 encryption during data transmission. Data at rest is stored with AES-256 encryption. However, Dropbox lacks end-to-end encryption and holds the encryption keys, posing a security risk if accessed by the company or compromised by hackers. Dropbox has implemented security measures like dual-factor authentication and monitoring for unusual activity. The privacy policy states that user data remains theirs, but Dropbox has permission to scan the data.

In conclusion, while these cloud storage services provide some security measures, none of them offer true end-to-end encryption, which limits their overall security. Users should consider using open-source services with end-to-end encryption to ensure a more secure online data storage solution.


This is box title

Cloud Compliance and Data Privacy: What You Need to Know

The given text discusses the impact of cloud migration on data privacy and compliance. It highlights the growth of personal data collection by organizations and the introduction of data protection regulations like GDPR and CCPA to safeguard privacy. The challenges faced by organizations in managing data privacy and compliance in complex cloud environments are explored. The text emphasizes the benefits of cloud computing for enterprises and explains the interrelated concepts of data privacy, data protection, and compliance. Specific challenges related to data migration, visibility, access requests, and security in the cloud are discussed. The importance of data residency and transfer compliance is emphasized, along with the need for comprehensive data visibility and inventory management. The text also addresses the right-of-access requests and the distributed approach to software design for enhanced data security. It emphasizes the significance of investing in the right tools, such as NetApp Cloud Compliance, to navigate evolving privacy laws and ensure compliance in dynamic cloud environments. The tool offers data mapping, reporting, and AI-based features to assist with CCPA and GDPR compliance, including generating access reports, identifying privacy violations, and providing insights on data storage locations.


This is box title

Understanding data privacy and cloud computing

Understanding the Risks of Data Privacy in Cloud Computing

As a corporate general counsel responsible for managing risks associated with a multinational corporation, it is crucial to comprehend the legal landscape related to your company’s activities. With the widespread use of electronic communication and the high costs of maintaining an internal IT infrastructure, cloud computing has emerged as a solution for storing and transferring electronic data efficiently and cost-effectively. However, cloud computing introduces challenges related to data privacy and protection, particularly when data is dispersed across servers located worldwide. This article provides an extensive overview of the factors that corporate counsel must consider before engaging cloud computing services and allowing data to be stored and accessed across international borders.

Data privacy and protection laws primarily aim to safeguard personal information within a country’s jurisdiction. These laws govern how entities and individuals can process data, including collection, preservation, organization, storage, and usage. When utilizing mobile devices for business purposes, scenarios may arise where data from a Mexican citizen working in Canada is stored by a cloud computing provider based in Brazil. In such cases, the data privacy statutes of all three countries become relevant. Corporate counsel must actively track the movement of electronic data across borders to ensure compliance with these laws.

Consent is a central focus of most data privacy regulations. Generally, employers (data users) must obtain explicit consent from employees or customers (data owners) before processing their personal information. It is important to understand when and how to obtain consent from data owners, as requirements vary by jurisdiction. For instance, Spanish law mandates written express consent from data owners, which can be revoked at any time. If your company has employees in Spain or another country with stringent data privacy laws, consent from each individual should be obtained, and caution exercised when storing personal information in the cloud.

Certain data privacy statutes provide exceptions to the consent requirement for the processing of personal data during judicial proceedings or to fulfill legal obligations. For example, Argentina’s data privacy law permits cross-border transfers of personal data only to countries that offer similar data protection, unless specific conditions are met, such as obtaining express consent or executing a data transfer agreement with regulatory guidance. Understanding these exceptions is crucial to ensure compliance.

In addition to consent, it is essential to comprehend the security and reporting requirements imposed by data privacy regimes. For example, Mexico’s data protection law mandates adherence to industry-standard security measures and requires prompt notification to data owners in the event of a data breach. Similar reporting obligations exist in other jurisdictions, emphasizing the need for effective communication processes to inform employees or data owners of potential security breaches when utilizing cloud computing services.

Different countries may have varying requirements for the registration and authorization of data users and databases. Argentina’s data protection law, enacted before the widespread use of cloud services, lacks clear guidance on the extent of its registration requirements for cloud-based systems reaching into the country. Understanding these obligations is crucial when establishing cloud services that may extend beyond national borders.

Certain countries, such as Uruguay, permit cross-border transfers of personal data within a group of companies without additional authorization if a code of conduct is registered with the relevant data protection authority. For multinational corporations, it is essential to research such requirements before storing electronic data in the cloud.

Finally, understanding the enforcement mechanisms and potential penalties associated with data privacy regulations is crucial. Mexico, for instance, has established the Instituto Federal de Acceso a la Información (IFAI) to enforce data protection regulations. IFAI has the authority to monitor compliance, respond to data owner complaints, and impose sanctions for non-compliance. Compliance with data privacy regimes and proactive measures to mitigate risks are crucial to avoid significant penalties.

To ensure prudent decision-making regarding cloud computing services and the storage of electronic data, four core issues should be carefully examined: data security, data location, data oversight, and data control. Evaluating the sensitivity of the data being stored,

understanding legal jurisdiction and data protection laws based on the cloud provider’s servers and primary users, examining the provider’s policies for intrusion detection and security audits, and identifying who has access to the corporation’s data are critical steps. Additionally, establishing processes for gathering and processing responsive data in legal proceedings or investigations, including consent forms and consultation with outside counsel, is crucial for compliance.

By comprehensively considering these four core issues and gaining a deep understanding of the data privacy and protection laws applicable to your corporation’s data, the risk of non-compliance and severe consequences can be mitigated.


This is box title

What Is Cloud Storage, and Why Should You Use It?

Cloud storage is a popular method of storing data using the internet instead of local computers. Companies like Microsoft, Apple, and Google, along with smaller providers, offer this service for a fee. Cloud storage allows users to store files on remote servers accessed via the internet. It provides the convenience of accessing files from anywhere and any device by logging into the service. Additionally, some cloud storage services enable online viewing and editing of files, such as documents and spreadsheets. The advantages of cloud storage include saving space on local drives, creating file backups, saving money compared to buying additional hard drives, and having access to files from anywhere. Continuous synchronization ensures that files are updated across all devices. However, cloud storage also has drawbacks, such as the need for a reliable internet connection and potential security risks associated with storing sensitive data online. It’s important to choose a reputable service provider and be cautious about the privacy policies of cloud storage services. Despite the drawbacks, the benefits of cloud storage make it a popular choice for many users.


This is box title

5 cloud storage privacy questions to ask potential providers

Data confidentiality and privacy are crucial concerns when it comes to cloud computing. However, many providers lack transparency in this regard. To ensure the security of your data, it’s important to ask potential cloud storage providers the following questions:

1. How do you handle data privacy and what measures do you have in place to protect customer data?
2. Who has access to my data, and how do you ensure that it remains confidential?
3. Do you encrypt the stored data, and who holds the encryption keys?
4. Under what circumstances would you disclose customer data to third parties, such as government agencies?
5. What specific services or features require access to my data, and how is this access managed?

Most cloud storage providers have vague privacy policies that lack specific information. For example, Dropbox’s privacy page provides extensive details without clearly addressing who can access and use customer data. Users often assume that their files are secure and private, but this may not be the case.

Dropbox, for instance, disclosed that it provided content in response to search warrants during a specific period, indicating that they hold the encryption keys. Furthermore, their terms of service state that they can access, store, and scan user data to provide various features, with permission extending to their affiliates and trusted third parties.

To ensure cloud storage privacy and security, it is crucial to ask these questions to potential providers. Unfortunately, clear answers to these questions are not readily available in Dropbox’s privacy, terms of service, or transparency pages. It is advisable for enterprises to conduct thorough research before using such services.

However, some lesser-known cloud storage vendors like Tresorit, SpiderOak, and pCloud have implemented zero-knowledge services. These providers encrypt customer data files on the user’s PC, ensuring that only the customers themselves possess the decryption keys. By doing so, these vendors address many of the privacy concerns associated with cloud storage.

It’s important to note that the information provided in this text was last published in October 2019.


This is box title

Cloud Storage Privacy – What’s Really At Stake

Cloud storage services have brought the issue of privacy to the forefront. While the privacy policies of big-name vendors like Google, Microsoft, Apple, Dropbox, SugarSync, and SpiderOak are similar in acknowledging that they don’t own user data and promise not to access it, there are some differences among them. Google has a single terms of service and privacy policy for all its services, while Microsoft’s terms of service use plain language. Apple goes further by exercising censorship and can delete objectionable content without prior notification. Dropbox, being solely focused on cloud storage, has more vague language in its terms of service. However, the real concern lies in how these services handle law enforcement, government agencies, and lawyers. They comply with law enforcement requests without necessarily notifying affected customers, which raises privacy concerns. Encryption plays a crucial role, with SpiderOak encrypting data and handing the key to customers, ensuring transparency. Copyright protection is another gray area, as cloud storage users can potentially share copyrighted material, making them susceptible to legal action. To prevent such problems, cloud storage providers could implement identification systems to identify copyrighted material, similar to what Google does on YouTube. Ultimately, trust becomes the key factor in selecting a cloud storage provider, as users should believe that the vendor will prioritize customer privacy.


Leave a Comment