The Houses of Parliament want to move to Microsoft Office 365, and will mitigate the risk of the US Patriot Act by making contractual agreements to ensure sensitive data sits in Europe.
At the Cloud World Forum in London Olympia today, the head of parliamentary ICT at the Houses of Parliament, Joan Miller, told delegates that the houses have been looking into moving over to the cloud for the last two years.
Further reading US government will take your data even without the Patriot Act Google recalled to parliament to clarify tax questions GCHQ taps ALL transatlantic network traffic, says investigative journalist Duncan Campbell
As part of that move, Miller claimed that as both houses were Microsoft shops, it would make sense to move to Microsoft 365.
"Our intention is to move to Microsoft 365 and we believe that we can keep our data in the EU, meaning that the risks are low because [the data] falls into European legislation," she said.
Miller had said that there were benefits and pitfalls to moving to cloud services, and one of those was the temptation for other people to "hoover up data and gain information from us".
"That relates to the sensitivity of data and we don't think it is a problem, but the biggest problem we have is we put our data anywhere in the world and we don't know where it sits, and we don't know the legislation that enables a country to view the data," she explained.
Miller emphasised that the Houses of Parliament are independent, and are not controlled by government.
When asked how the Houses of Parliament can ensure that the data stays within the EU, Miller said that it was looking for contractual agreements that would ensure that the data remains in Europe.
"We are in discussions with suppliers. We have different sorts of data, if it is open data that is already available on public facing websites it doesn't matter, but sensitive data like e-mail systems and Microsoft Office files need contractual agreements to manage where the data sits," she stated.
The head of parliamentary ICT said that the US Patriot Act, which enables US authorities to seize data if they think it's in the country's national security interests to do so, is not a threat as long as the Houses of Parliament can come to contractual agreements about where datasets sit.
"We looked very closely with our lawyers and American lawyers at how the Act relates to us. We are worried about legal interference with our data, so we asked what would happen if our data would be subject to an inquiry request, and we were given a confident reply that in the EU there would be different regulations than there would be if the data sat in America. The truth of that is a judgement not a certainty, because there is no precedent to look at," she said.
"We would do contractual spot checks and we would be relying on a good partner and a contract. But [moving to Microsoft 365] is not just a risk, it is an opportunity to be more mobile and to save costs," she added.
