5 Worst Countries for Cloud Computing:
"We are actively and aggressively pushing for ECPA reform," Hopfensperger says. "We really think the time has come to amend a 1986 law that no longer really reflects the technological realities today."
The head of the Senate Judiciary Committee, Vermont Democrat Patrick Leahy, has indicated that he plans to work to advance ECPA reform legislation in the new session of Congress.
Of the constellation of policy issues that affect the spread of cloud services, Hopfensperger says that none is of greater concern than security and privacy, stressing that consumers and businesses alike will be reluctant to shift data to the cloud unless they are confident that their information will be adequately protected from cyber attacks and not exploited for purposes that they would consider invasive.
"Privacy and security are probably talked about more than any other [issue] for a variety reasons. But they are really two sides of the same coin," he says. "Both are key to engendering trust in the cloud. Obviously, cloud computing does no good if people don't want to put their data in the cloud."
While the path forward for privacy legislation in the United States remains far from certain, the October 2012 passage of a privacy law in Singapore helped vault that country five spots in the BSA's cloud rankings, moving up from No. 10 to No. 5, making for the biggest single gainer in the scorecard.
The BSA praises Singapore's law for taking a "light-touch" approach that codifies a set of principles intended to affirm individuals' right to control their personal information, while at the same time acknowledging that cloud providers have a legitimate need to collect, use and even disclose that data in certain cases. That type of flexible approach, rather than overly prescriptive regulations, is critical to nurturing a regulatory environment that fosters the expansion of cloud-based services, according to the BSA.
Singapore "took a big step in 2012," Hopfensperger says, "because they adopted a privacy law that balances the important consumer protections with the need for companies to be able to move data and continue to innovate."
In contrast, each of the European Union member countries that the BSA evaluated in its scorecard slipped at least one place, owing in large part to the uncertainty associated with an ongoing effort to reform the body's privacy laws. That debate has aired proposals that alarm the BSA and some of its member companies, including the imposition of "new administrative burdens" and limitations on providers' ability to review data for security purposes, rather than the risk-based, contextual approach to data protection that the group advocates.
The BSA also warns against protectionist policies that favor domestic cloud providers while subjecting foreign companies to bureaucratic and operational requirements.
Sign up for CIO Asia eNewsletters.