Fran Maier is the president and executive chair of TRUSTe, the leading online privacy solutions provider. She speaks widely on issues of online privacy and trust and is active in mentoring women in technology. She serves on a number of Internet and trust-related boards, including the Online Trust Alliance.

It’s a great time to be a cloud consumer. Now you can access all of your digital information – when and wherever you want – across a variety of cloud-compatible gadgets (iPad, Kindle, etc.). You can store your music collection in iCloud, you can share work and personal documents over Box.net, and you can do your expenses on Expensify. The list goes on.

Despite its convenience, you must consider the cloud’s privacy implications. Who owns your personal information once you’ve uploaded it? Does the cloud provider have any rights to your data once it’s uploaded to the server?

The answer is that cloud privacy is still evolving.

Most consumer cloud services recognize that the user retains ownership of the data once it is uploaded.

Facebook’s terms of service state: "You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings."

Similarly, Google’s Gmail Intellectual Property Notice states that: "Google does not claim any ownership in any of the content, including any text, data, information, images, photographs, music, sound, video, or other material, that you upload, transmit or store in your Gmail account. We will not use any of your content for any purpose except to provide you with the Service."

Of course, both Google and Facebook would retain some rights in these instances, but they have clearly stated their obligation to keep the user’s uploaded data private and secure. However, the question remains how those privacy and security obligations should be defined — and under which international laws.

Such privacy boundaries have never been explored, which makes them a topic of much debate among policymakers and regulators. We even lack a global standard for online privacy, let alone cloud privacy. Often, the inherent nature of cloud computing makes it difficult to determine whose laws apply, especially when data is uploaded in one jurisdiction and processed in another. However, the EU will announce new regulations for cloud service providers this fall – and will be the first jurisdiction to do so.

The U.S. still lacks comprehensive data privacy laws or cloud regulations. But recent enforcement actions by the FTC demonstrate that regulators have the consumer protection authority – even outside an overarching federal privacy law – to take action against companies that don’t live up to their privacy terms of service. Lawsuits consider whether the cloud user has adequate notice of how the service was appropriating his data.

The Supreme Court has been addressing the cloud privacy issue on a case-by-case basis. In City of Ontario v. Quon (2010), justices decided that there is no expectation of privacy for an employee-provided mobile device connected to an employer’s cloud service. This term, the Supreme Court will analyze the privacy issues surrounding GPS-surveillance by law enforcement in US v. Antoine Jones. The case raises interesting questions when applied to similar GPS technology found in consumer cloud-based services (Google Maps, Foursquare), and their appropriate privacy obligations.

The FTC and other global regulators are also looking closely at data portability, the ability of a user to easily transfer data from one cloud service to another. As consumers start storing more of their personal data online, they will also want to be able to move it around online more easily. It’s likely that in the future, data portability will be a must for consumer cloud providers. Some cloud providers are attempting to work toward the idea with, for example, the OAuth 2.0 authentication scheme supported by Google, Facebook, Microsoft, Yahoo and others.

In the meantime, what does this legal uncertainty mean for you and other cloud consumers? Should it inhibit us from enjoying cloud conveniences, like being able to store personal information and accessing it on a whim?

Definitely not. But it does mean we need to carefully select our cloud providers. Below are suggestions on how to navigate the consumer cloud while securing your private, personal information.

1. Think Before You Upload

Whenever you upload personal information to a remote server, note the privacy risk involved. Before you upload, assess whether you really want to store the information within a cloud service. Cloud storage is great for some applications – email, photos or entertainment; however, I don’t advise it for storing confidential data – birth certificates, tax returns and other important documents.

2. Know Your Provider, Your Provider’s Provider, and Their Policies

Before you decide to use a cloud service, examine its terms of service and privacy policy. Since most services are hosted by a cloud provider (e.g. Netflix is hosted by Amazon), it also makes sense to take a look at the privacy policy and terms of service of that secondary platform. The provider’s policy should be able to answer the following questions:

Who owns data once it’s uploaded to the service?

What rights does the cloud provider have over the data once it is uploaded?

Whose laws govern the contract? You may also wish to determine your consumer protection rights, which differ from state to state.

Are there any data portability rights (i.e. how easy is it to move your data from one service to another)?

What happens if you decide to terminate the service? Does the cloud provider retain your data and, if so, for how long?

Will the service deactivate your account or delete your data after a certain period of account inactivity?

Does the cloud provider allow relatives or designated individuals to request access to the data or to enable cancellation of the account in the event you become incapacitated or unable to access your account?

Does the provider have an independent third-party certification of their privacy and security practices to ensure that they adhere to their stated privacy notices and policies? Look for trust indicators like third-party certification seals when considering whether to use a cloud service provider.

3. Back It Up

Once you’ve decided on a cloud provider, always back up your personal data before you upload. This is especially true for those nostalgic files: family photos, home movies, etc.

4. Keep It Confidential

It’s a good idea to treat your cloud services account like you would your email account. User names and passwords should be kept confidential and changed often. Don’t share these passwords with anyone unless necessary.

Images courtesy of iStockphoto, thesuperph, Flickr, Frederic Poirot