Financial institutions should quickly adopt cloud computing technology to increase their competitiveness despite the lack of data protection laws, says a non-profit cloud computing promotion organisation.
Michael Mudd, chief representative of the London-based Open Computing Allliance, said existing regulations of the Bank of Thailand already govern information technology (IT) outsourcing services and protect personal data in the cloud.
Cloud-based services can be considered a type of outsourcing, he said.
“Organisations should use self-regulatory strategies instead of waiting for a data protection law,” said Mr Mudd.
Cloud computing could reduce IT investment and operating costs, enhancing business growth.
Mr Mudd said the banking sector is one of the top spenders on IT, but concerns over a lack of data protection laws have impeded the adoption rate of cloud technology in the sector.
He suggested banks, insurance companies, securities firms and state authorities use cloud computing risk assessment strategies with cloud service providers to ensure data security.
Cloud computing service providers, meanwhile, should provide transparent services on cloud-based data traffic by indicating in which countries the data will be stored. They should not sell customers’ data to other parties, particularly for marketing purposes.
Personal data protection is the top priority for companies choosing a cloud service provider, stressed Mr Mudd.
He also urged the Thai government to enact a data protection law quickly in order to prevent the misuse of personal information.
A law is needed for data breach notifications to curb the escalating number of breaches of consumer databases that contain personal information and is essential to prevent the interception of data, said Mr Mudd.
The growing adoption of cloud computing will also spur the development of cross-border information sharing, as data can be stored anywhere.