As larger organizations move toward SaaS, a few organizations are pushing back on this new model citing data privacy concerns. So, is data privacy a real issue? Or are IT managers reacting more to the lack of control than to data privacy? Let's do a few reality checks.First off, I've yet to hear about an incident where data existing in a hosted SaaS environment was compromised. However, I've heard about a lot of instances where data was removed from a company by employees saving information to memory sticks or DVDs. Moreover, the recent rash of laptop thefts has put data privacy problems on the front page, as criminals run off with confidential information including social security numbers and credit card information.

My point is that data privacy issues do not seem to be a concern in the world of SaaS as of yet, at least from the standpoint of real incidents. Indeed, most organizations have many more leaks to fix other than the hosting of data within a secure data center. SaaS won't fix data privacy issues you currently have, but nor will it add to the problem. Nonetheless, it is a concern in terms of perception.

In my experience, when it comes to SaaS and data privacy, organizations fall into three categories:

No Data Privacy Concerns

In some instances, there are no data privacy requirements. The application is dealing with information that's not private, and it's no big deal if it's compromised. While this scenario isn't typical, there are many applications out there with this data privacy characteristic. Of course, using SaaS is a clear option here since data privacy is not a concern.

Mandatory Data Privacy Concerns

In some instances, private data such as medical or financial information cannot be housed outside of a company. In a few cases this is a matter of law, but more typically it's a matter of policy. Either way, IT doesn't have the option of using SaaS, or if they do, they need to come up with some creative approaches to using data that is still locked behind the firewall. SaaS is typically out of the question with these types of requirements, at least for now.

Paranoid Data Privacy Concerns

This is the majority of potential SaaS users who won't use SaaS because they are just paranoid about shipping data outside the firewall. There is no reasoning with these guys, but I can understand why they are paranoid. These companies won't consider SaaS as an option, citing data privacy, but there are typically control issues there as well. They don't want to use the software if they can't hug the server. The number of these types of companies is shrinking fast, however, as SaaS becomes more politically correct within corporate America.

Application integration and service oriented architecture expert David Linthicum heads the product development, implementation and strategy consulting firm The Linthicum Group. Write him at [email protected].As larger organizations move toward SaaS, a few organizations are pushing back on this new model citing data privacy concerns. So, is data privacy a real issue? Or are IT managers reacting more to the lack of control than to data privacy? In my experience, organizations fall into three categories in their thinking about SaaS and data privacy.