The ICO has produced guidance on using Cloud computing and it is possible to continue using this. However, you would need to undertake significant checks to see what a provider’s level of security is and who/how they share personal data. The problem with cloud storage is that, even although an accidental sharing or loss of data may be the fault of the provider the responsibility remains with the owner of the personal data (Data controller) in this case the church. The risk will be determined based on the type of data stored and whether loss, accidental deletion or unauthorised access is likely to result in a risk to people’s rights and freedoms. A personal data breach may have a range of adverse effects on individuals, which include emotional distress, and physical and material damage. there would be when a personal data breach has occurred, you need to establish the likelihood and severity of the resulting risk to people’s rights and freedoms. a risk of distress or harm caused to individuals if personal data is stored.

The Union has not included any specific guidance relating to cloud computing but recommend strong passwords are used, and changed regularly, ensuring different passwords are used for different files/sites. Cyber security is a bit of a minefield and the union has tried to adopt a common sense approach to matters rather than complicate things. Recommendations for strong passwords include a mix of alphanumeric characters with numbers, symbols and capital letters helps to strengthen a password.

Should personal data be lost or hacked then having it password protected is a level of mitigation should there be a serious breach and it has to be reported to the ICO.