The New Zealand Privacy Commissioner has released a document discussing data and security implications for companies moving to the cloud.

Even though the report looks at the relative basics of cloud computing from an enterprise perspective, the guidelines it recommends still make interesting reading.

The key tenet from the research was that nobody else except the user is ultimately responsible for the information they put in the cloud. “If there’s a privacy breach, you’re going to be the one answering questions about what went wrong,” the report notes.

Yet in terms of security, the report advocates that users be clear on the different elements of security and whose responsibility they are; the user’s or the provider’s.

Above all, however, the report advocates that if all goes wrong, check the contract and the SLA and perform due diligence on the cloud provider. This is particularly key for …