WASHINGTON -- When the city of Los Angeles migrated to Google Apps last year, city officials insisted that the deal include a requirement that its data remain in the U.S.
They didn't want to run the risk of city government data ending up on a server in a foreign country, outside the legal jurisdiction of U.S. authorities.
Such concerns about cross-border access to data don't yet seem to be hampering the growth of commercial cloud computing. In fact, at a Congressional Internet Caucus forum to discuss regulation and cloud computing, cloud vendors urged lawmakers to resist regulation to see how the cloud computing market evolves and adapts.
"It is premature for Congress to be pass legislation," said Dan Burton, senior vice president for global public policy at Salesforce.com, who spoke at Monday's forum at the U.S. Capitol.
Burton said that current data security policies and initiatives, such as the Safe Harbor certification program, appear to be working for providers and users of cloud-based applications. Cloud providers that sign up for the U.S. Department of Commerce's Safe Harbor program voluntarily pledge to follow the European Union's data protection principals.
"There is this creaking policy infrastructure which is holding up OK," said Burton.
Salesforce.com also knows from experience that businesses can work around cross-border concerns. The San Francisco-based provider of hosted CRM applications has, for instance, signed contracts with customers in Japan who are accessing data off of Salesforce.com data centers in the United States.
Nonetheless, Salesforce.com in filings with the U.S. Securities and Exchange Commission has warned investors that it believes "increased regulation is likely" in areas that could impact its business.
Meanwhile, Microsoft has been urging Europe to adopt a common set of data rules.
Jim Reavis, co-founder of the Cloud Security Alliance, who didn't participate in the forum, said in an interview that he sees problems ahead if officials don't resolve issues concerning the protection of data once it crosses international borders.
In Europe, in particular, there's a lot of concern about the reach of the USA Patriot Act, passed in response to the 9/11 terrorist attacks, which increases the ability of law enforcement to access data, said Reavis. The Patriot Act "is something that definitely gets debated hotly outside the United States," he said.
"There is a long-term risk that U.S. companies may need to move offshore if the laws in the United States aren't changed," said Reavis.
The Obama administration is proposing new data privacy laws that could affect some cloud service providers, but it hasn't proposed any cloud-specific laws.
Sign up for CIO Asia eNewsletters.