PUBLIC bodies across Scotland are to be given the capability to outsource computer storage of sensitive information, raising fears that private data including health records or bank details could become vulnerable to hackers.
The Scottish Government is advertising a contract worth up to £20 million to provide IT equipment that is compatible with 'cloud computing', meaning information would be stored by third parties potentially thousands of miles away and accessed through the internet, rather than on an organisation's own hard drives.
Ministers have said it will be up to individual bodies including health boards, colleges, courts and councils to decide how they use the new laptops, computers and other gadgets that will be bought through the new contract over four years, and whether they shift towards storing data on the cloud.
However, Government guidance to public sector bodies distributed earlier this year described cloud computing as a "priority option" and said the technology could save cash, increase productivity and improve energy efficiency.
The move to spend millions of pounds on cloud-ready kit has raised fears that a significant shift in strategy is taking place by the back door, with the public unaware of potential risks or privacy implications.
The same Government strategy document acknowledged security risks associated with trusting a third party organisation with holding data, while also indicating that storing information overseas would mean it could fall under the control of foreign governments.
Jim Killock, executive director of the Open Rights Group, said that if data was physically stored in America, controversial laws such as the Patriot Act or Foreign Intelligence Surveillance Act would effectively mean sensitive information was being put into the hands of US security services.
Mr Killock, whose organisation is committed to protecting rights in the digital age, added: "It would be sensible to have a wider public debate rather than just putting these things out to tender and awarding contracts. This should be debated on the floor of the Scottish Parliament where a discussion could take place about what these changes really mean.
"The danger is that we just see these things as bureaucratic and technical, when the truth is that everybody’s privacy and data is potentially at risk. There needs to be clear accountability and debate."
The Scottish Government believes that despite new security implications, moving to the cloud can offer benefits to public bodies, with some already making use of the technology and many members of the public using it regularly through popular applications such as Dropbox and Google Drive.
Dundee University is on course to save £500,000 in the coming years after shifting to a cloud-based email system, allowing it to cut administration, maintenance and staffing costs.
However, there have been fears that hackers could potentially gain access to huge swathes of information with a single successful cyber attack, as data from hundreds of organisations could be stored in one location. Other potential pitfalls include the need for a constant internet connection, potentially leaving data inaccessible from remote locations.
Willie Rennie, leader of the Scottish Liberal Democrats, backed calls for a public debate. He said: "The Government should be more sensitive to this really important area of controlling and storage of information. It affects everyone in their daily lives and there is great anxiety that the Government does not take this seriously enough."
A Scottish Government spokeswoman said the contract was not about the storage of data on remote third party servers, but would provide a "no commitment framework" to provide hardware that would help public sector bodies access cloud-based services.
She added: "The way in which these devices are deployed, managed and secured will be a decision for each organisation."
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereLast Updated:
Report this comment Cancel