
Alfresco in the cloud and EU data protection law

Not applicable
Hi,

I'm evaluating Alfresco in the cloud for my company in Spain. However, before even considering Alfresco-Cloud as a potential solution, I need to know if Alfresco Software Inc. (which is, if I understand correctly, the company offering the Alfresco in the cloud service) complies with EU Data Protection law.

As you might know, if I upload documents into Alfresco in the cloud, and those documents contain personal data about my employees or my customers, EU data protection law requires that the service provider complies with EU data protection law, in the sense that the provider has access to the data (and, if the provider does not comply, my company would be breaking the law).

As far as I know, Alfresco Software Inc. being an American company, the only way to comply with EU data protection law is to be on the "US-EU Safe Harbor list". And, unfortunately, I can't find Alfresco on the list (you can access the list at https://safeharbor.export.gov/list.aspx).

Therefore I'm immediately tempted to conclude that Alfresco Software Inc. (regarding the "Alfresco in the cloud" product) does not explicitly comply with EU data protection law, and therefore that I cannot pick Alfresco as a cloud provider. I would love to be proven wrong …

Thanks for your help!

Rodrigo

P.S.: A way to prove me wrong could be to point me to some info where Alfresco guarantees that, in no way whatsoever, can it access my docs stored in the cloud

mrogers
Star Contributor
I'm not an expert but.
 
a) The docs are encrypted, employees do not have access.
b) And I believe the docs are resident in Ireland.
c) Alfresco is a UK company. Yes there's a US branch (along with several others)

Not applicable
Thanks for your reply. But I'm not so sure:

- If the docs really are encrypted and nobody in Alfresco can access them under any circumstance, then that would certainly solve the problem. But I'm not sure about that. For example, to use an external example, Dropbox says that the documents stored within Dropbox are encrypted, but, in some circumstances (for example if required by the US government), they CAN access the documents; therefore in this case Dropbox, as an American company, would need to be under the Safe Harbor. In Alfresco, are the documents encrypted under any circumstance, no matter what?

- Even though Alfresco is a UK company, the "alfresco in the cloud" service seems to be offered by "Alfresco Software Inc.", an American company (besides, the pricing is in dollars, that's an indication that the service is offered by the American branch) - therefore the American branch needs to be under the Safe Harbour

- The fact that the docs are stored in Ireland is clearly a plus, but if they are "controlled" from the US, then it's not enough …

In any case I do know that this issue is maybe too specialized … Maybe an Alfresco lawyer could be invited to pitch in?

Rodrigo

sacreman
Champ in-the-making
Hi,

Bit of confusion around some of this.. The Cloud product is hosted in the US (east coast).

The documents are encrypted at rest but obviously the servers need to decrypt the content in order for customers to be able to get their data (otherwise nothing would work).

I've forwarded this post on to someone a bit more knowledgeable regarding safe harbor so hopefully they can comment.

One extra bit I would throw in.. we are actively engaged in obtaining SOC 2 accreditation for the Cloud product. Once certified those documents should go a long way towards proving the security around using the service.

Thanks,

Steven

jamesfletcher
Champ in-the-making
In any case I do know that this issue is maybe too specialized … Maybe an Alfresco lawyer could be invited to pitch in?
Rodrigo,

I've been in touch with our lawyer to discuss and we've actually added this information to the FAQ section of the cloud page on our website - as it is relevant when choosing the right solution.

Is Alfresco SafeHarbor certified?

Alfresco in the cloud is provided by Alfresco Software Limited - a UK company which complies with EU data protection standards. Alfresco in the cloud utilizes Amazon Web Services for data storage and Amazon is certified for SafeHarbor [1]. The Safe Harbor framework is a program that provides a way for US companies to show that they adequately protect personal data according to EU standards. Therefore any transfers of personal data that occur while using Alfresco in the cloud are permitted under the European Commission's Directive on Data Protection. Further information about the Safe Harbor program is available on the U.S. Department of Commerce's Website [2].

[1] http://aws.amazon.com/privacy/
[2] http://export.gov/safeharbor/eu/eg_main_018365.asp
Please let me know if this would be a sufficient answer for your question.

Many Thanks, James