How To Protect Your Data In The Cloud



Similar documents
Jeanne Kelly, Partner Cloud Computing: The Legal Issues

LEGAL ISSUES IN CLOUD COMPUTING

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

The Keys to the Cloud: The Essentials of Cloud Contracting

Legal Issues in the Cloud: A Case Study. Jason Epstein

Cloud Computing. Patrick Van Eecke. Partner, DLA Piper Brussels Professor Universiteit Antwerpen

Checklist: Cloud Computing Agreement

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009

AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING

Legal aspects of cloud computing

Article 29 Working Party Issues Opinion on Cloud Computing

Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity. Amy Mushahwar, Esq.

Evolving Technology Issues: Cloud Computing

What should you watch out for in click-through cloud contracts? What are the most contentious issues in cloud negotiations?

Recommendations for companies planning to use Cloud computing services

Cloud Computing: Legal Risks and Best Practices

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

Information Technology: This Year s Hot Issue - Cloud Computing

A Checklist for Software as a Service (SaaS) Vendors and Application Service Providers

The HR Skinny: Effectively managing international employee data flows

CLOUD COMPUTING UNDERSTANDING THE BUSINESS AND LEGAL ISSUES

Insights into Cloud Computing

Cloud Service Rollout. Chapter 9

Data Processing Agreement for Oracle Cloud Services

Data Privacy, Security, and Risk Management in the Cloud

M A N A G I N G C O N U S U L T A N T

Public Cloud Service Agreements: What to Expect & What to Negotiate. April 2013

Cloud Computing Contracts. October 11, 2012

Privacy Level Agreement Outline for the Sale of Cloud Services in the European Union

Role of contracts in Cloud Computing an Overview. Kevin McGillivray Doctoral Candidate (NRCCL)

Managing Outsourcing Arrangements

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Best Practices for Sourcing Cloud Computing Services

TEN TIPS FOR NEGOTIATING SOFTWARE LICENSE AGREEMENTS

Evolving Issues for Healthcare IT Contracting

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors

Data Protection, Software Licenses and other Legal Issues in the Cloud

Cloud Computing and Data Protection Compliance - Experiences from Norway

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL

Emerging legal issues in Cloud Computing Clouds on the horizon?

Cloud Computing. Introduction

Application Programming Interface (API) Application (app) - The API app is the connector between epages and the developers service.

Services Providers. Ivan Soto

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

Copyright 2014 Thomas Trappler All Rights Reserved

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

Anatomy of a Cloud Computing Data Breach

EXIN Cloud Computing Foundation

Cloud computing. Advantages and disadvantages

Acquia Comments on EU Recommendations for Data Processing in the Cloud

Markley Cloud Services Hosting Agreement

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Contracting for Cloud Computing

07/2013. Specific Terms and Conditions Mobile Device Management

(a) the kind of data and the harm that could result if any of those things should occur;

Advanced HIT Contracting Issues

OPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012)

Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham

CLOUD SERVICES SERVICE LEVEL AGREEMENT. Cloud Services

Isaac Willett April 5, 2011

LIABILITY FOR NON-COMPLIANCE WITH DATA PROTECTION OBLIGATIONS

Checklist for Buying a Business

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations

Cloud Computing: The Wave of the Future

Data Protection and Cloud Computing: an Overview of the Legal Issues

ARTICLE 29 DATA PROTECTION WORKING PARTY

Client Alert. Global Information Technology & Communications Privacy, Data Protection and Information Management

Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World

Validating Enterprise Systems: A Practical Guide

Technology Agreement Basics and Common Pitfalls

Baqqa Limited. Terms and Conditions

Overcoming SaaS Fears at the Enterprise Level

CLOUD COMPUTING GUIDELINES FOR LAWYERS

Cloud Computing Contracts Top Issues for Healthcare Providers

Cloud computing Alessandro Galtieri Pavel Klimov Severin Loeffler

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

A buyer can buy either the shares of the company that owns the target business or simply buy the assets which make up that business:

Negotiating EHR Acquisition Contracts

Questionnaire for the SaaS contract

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

Legal issues in the Cloud

Web Hosting & Development Agreements

GAIN CLARITY CRITICAL ISSUES. Your Data in the Cloud : Benefits & Risks GAIN CONTROL. berrydunn.com

2011 Morrison & Foerster LLP All Rights Reserved mofo.com. Risk, Governance and Negotiation in the Cloud: Capture Benefits and Reduce Risks

Refresher on cloud computing

Cloud Computing. Making legal aspects less cloudy. Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader

Cloud Security and Managing Use Risks

3 rd Party Vendor Risk Management

Select Internet. Standard Terms and Conditions relating to the supply of online backup services by Select Internet

Hans Bos Microsoft Nederland.

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Objectives. Agenda. Public clouds. A Primer on Moving to the Cloud HIPAA, Encryption, ediscovery, Oh My!

Prudential Practice Guide

AIRBUS GROUP BINDING CORPORATE RULES

CLOUD COMPUTING, TRADE SECRET / KNOW-HOW & EUROPEAN LEGAL FRAMEWORK

2012 Winston & Strawn LLP

The Cloud Computing Revolution: Beyond the Hype

Cloud Computing Security Issues

SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks

Transcription:

Cloud Computing Hot topics in relation to security, liability and privacy Steven De Schrijver

Cloud Computing : who and what is involved? Data Cloud Service Provider (e.g. SaaS, PaaS, IaaS) Sub-contractor e.g. Providing servers or platform Cloud User - consumer - business

Hot Topics Cloud Computing Contracts Vendor Lock-in Liability for Data Security and Loss of Data Service Level Agreements Privacy Regulations Third Party Access

Cloud Computing Contracts Most of the time standard contracts -> No opportunity for customers to negotiate terms Click-wrap agreements are binding! Sometimes contain extensive limitation of the Cloud Service Provider s liability Unilateral termination possibilities for Cloud Service Provider Outsourcing possibility for the Cloud Service Provider: what about liability? No audit of the cloud possible

Vendor Lock-in Transfer of data Compatibility and Interoperability Vendor lock-in What if the Cloud Service Provider goes bankrupt? What happens with the Data after the termination of the agreement?

Liability for Data Security and Loss of Data as is software performance warranty Standard approach: excluding liability for security of any data and provide that the customer retains full responsibility for data safety Legal requirement to keep data secure Consumer law: prohibition to inappropriately excluding or limiting the liability of the seller or supplier

Liability for data security and loss of data (2) Exclusion of certain types of damage Indirect damage (loss of profits, reputational damage, loss of goodwill, etc.) Direct damage (loss of data) no exoneration for fraud! exoneration for serious error or negligence is allowed if explicitly determined in the contract Cap on the amount of indemnities Limitation in time for indemnity claims Exclusion of financial compensation only reparation Force majeure: (power cut, strikes, failure of telecom services, third party failure, etc) Not only natural disaster but often any event beyond control of Cloud Service Provider

Service level agreements -> often little room to negotiate SLA (depends on volume, own private cloud) Availability of the service Speed of the service Capacity Efficiency Availability of the help desk Maintenance time Etc. Who determines whether the service level was met? Compensation? Service-credits (= credit on next invoice) Other indemnities? Root cause analysis after any service failure? Right to terminate?

Privacy regulations Controller: determines the purposes and means of the processing of personal data. Processor: processes personal data on behalf of the controller. triggers responsibilities and obligations Problem: In the cloud computing context, the roles of controller and processor become blurred Solution: contract should clearly define the role of the provider and the role of the customer and the associated liabilities

Privacy regulations (2) Transfer of data outside the EU: ONLY if the country in question ensures an adequate level of protection Problem: Data that is stored in the cloud could be transferred outside the EC; location may be unknown Solutions: - safe harbor and model data transfer clauses - consent by the data subject - ensuring adequate level of protection in the technology itself

Third Party Access Protection of trade secrets and privileged information Who has access? How is access protected? Can Cloud Service Provider accommodate audit trail or record hold requests and implement them? What will the Cloud server provider do in case of? - Subpoenas - Criminal investigations - Search warrants/possible seizures - E-discovery - > immediately contact Cloud User or allow access?

The Contract 1) Identification of the Cloud Service Provider: who, where, auditing, security certificates, outsourcing -> due diligence 2) Specification of the service I. Price II. SLA III. Remedies 3) Data protection and security I. Who is controller and who is processor of personal data? II. Interoperability and compatibility III. Backup of the data data restoration IV. Access protection 4) Liability of the Cloud Service Provider: what is excluded? 5) Termination of the agreement I. By both parties? II. What happens with the data?

CONCLUSIONS Until security, privacy and legal issues surrounding cloud computing are better settled, companies seeking the benefits of cloud computing may wish to utilize a more conservative approach, particularly for highly sensitive and personally identifiable data: contract with Cloud Service Providers that give sufficient contractual guarantees

QUESTIONS? LORENZ STEVEN DE SCHRIJVER REGENTLAAN 37-40 BOULEVARD DU RÉGENT 1000 BRUSSELS T. 32 2 239 2000 - F. 32 2 239 2002 S.DESCHRIJVER@LORENZ-LAW.COM WWW.LORENZ-LAW.COM 14

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information