Risk of privacy loss assessment of cloud storage services

Abstract

Cloud storage services have promising characteristics for personal and corporate use as consumers' data can be stored on shared pools of storage hosted by cloud providers, while consumers can access and manage their data anywhere via an Internet connection. Nevertheless, protection of data privacy is one of the major issues, and at the time of storage service selection, prospective consumers are concerned with how the cloud storage providers handle their personal data. To help a consumer with storage service selection, this paper proposes a methodology to assess the risk of privacy loss when consumer data are stored with a particular cloud storage service. The risk of privacy loss is viewed from two aspects. First, sensitivity of the personal data to be stored in the cloud and sensitivity of consumers' personal data requested at the time of service registration can contribute to the risk. Second, lack of privacy control transparency can be a risk factor if the cloud storage provider inadequately show the necessary privacy principles that are practiced. The proposed methodology can assist the consumers when determining the risk levels of privacy loss of different cloud storage services. We present the application of the methodology to a case of an organization selecting a cloud storage service to host its corporate data.