NZ Post is confident it made the right choice to entrust email to the cloud, despite widely expressed reservations about public-sector data being stored overseas and despite the recent collapse in Google’s email services, which the organisation is piloting.
Post’s business enabling manager, Tracy Voice, echoed the view of several participants in a recent NZ Computer Society discussion on legal dangers of cloud computing – that privacy and security breaches are probably just as likely to happen on a local network or through physical loss of digital or non-digital media.
“We did a privacy impact assessment (PIA) with our legal people involved,” she says.
NZ Post decided on balance that Google’s security offered at least as much protection as the security measures of a New Zealand-based network.
Only email is entrusted to the cloud at present. NZ Post is still in the pilot stage, with only about 40 staff participating. There are no current plans to extend the cloud model to other data, Voice says, though Post will evaluate all models for future ICT services as they come up for renewal.
“All our document management is local,” Voice says.
Post did its own internal PIA and, Voice says, despite being a government-owned operation, it is not obliged to submit an assessment to the Privacy Commissioner.
Archives NZ discussed the impact of Post’s cloud processing in the light of the Public Records Act, but was persuaded that anything kept by Google would still meet the required standards of retrieval, Voice says.
Lawyer Michael Wigley, leading the NZCS discussion on the legal dangers of cloud computing, pointed to what he called “notorious examples”, particularly in the UK public sector, of “data being left in handbags and satchels and on USB sticks”.
He spoke before the latest New Zealand incident of a notebook revealing details of a possible merger between security agencies, dropped in a Wellington street by a Treasury official.
One participant at the meeting asked where NZ Post’s data would be stored and another, sounding knowledgeable, reassured the meeting that it went no further than Sydney.
This is not the case, Voice says.
“It might be in the US or Geneva or anywhere.” But Google’s demonstration of its security precautions was reassurance enough, she reiterates.
The Gmail failure cut off NZ Post’s email service only for about an hour, Voice says, and messages were buffered.
“That’s one of the great things about it; you can still go on working even when it’s down.”
Again, she says, an email outage is at least as likely to happen with a local service.