Legal Issues in Cloud Computing
Strong legal protection is a critical aspect of giving clients the confidence to move to the cloud. Naturally, no company would want to trust its critical data or processes to the cloud unless it is assured of complete safety. There are a number of legal challenges and issues involved. Some of these are:
Liability – Is the cloud vendor liable for loss of business if his services are disrupted? Or is he liable to provide military grade protection to your data? Look at the service level agreement you are signing or accepting. It will state very clearly that you indemnify the vendor from any consequential claims.
Compliance – Who is responsible for compliance with the law – you or the vendor who is hosting your data/service? In numerous cases, it has been upheld that simply because you are using hosted services, you cannot transfer the responsibility for compliance with the law to the vendor. If you are storing medical data, then it is you and not the cloud vendor who needs to be HIPAA compliant.
Copyright – This issue flows from the previous one on compliance. If you are storing data or displaying it on your website, you are responsible to ensure that no copyright is violated.
Data Protection – There are legal issues asurrounding bout who is responsible for data protection. Different countries and even states have different laws on the subject.
Data portability – If you decide to shift your data to another location, is the vendor required to help you? Can they deny you certain data or meta data?
The fact of the matter is that existing rules are still struggling to catch up with the rapid advance of technology. Look at the image below, this clearly illustrates the widening gap between technology and the legal framework that looks to govern it. If the gap is increasing so rapidly, legal stability is still some time away.
When it comes to privacy and data protection, a detailed study reveals that most rules governing cloud computing have their genesis in the pre-Internet era when the issues involved were far simpler. What we are seeing now is a knee jerk reaction from States that are struggling to understand and regulate cloud computing.
European Union regulations on cloud computing are more restrictive than those in the US. There is a reform process underway but that will take some time to show results on ground.
Source: isaca.org
When it comes to entering into contracts with the cloud service vendor, remember that the agreement you ‘sign’ – even if you select the “I Agree” check box, is enforceable. Before you select the check box, read the terms carefully to see how much of the liability is the vendor going to assume. To give you an example of a comprehensive agreement, visit GMO Cloud’s Terms of Use.
You may want to include a clause on auditing services provided by the vendor. However, pause and think if a genuine audit can be performed with data being stored in diverse physical locations that could be hundreds of kilometers apart. Be wary of litigation if it involves vendors from different countries, as costs can be prohibitive.
What about illegal content? How liable is the cloud service provider and how liable is the person who stores the content? European law says that the service provider has no knowledge of the contents and hence cannot be held responsible provided they remove or block the illegal content when it is brought to their notice.
Be Part of Our Cloud Conversation
Our articles are written to provide you with tools and information to meet your IT and cloud solution needs. Join us on Facebook and Twitter.
About the Guest Author:
Sanjay Srivastava has been active in computing infrastructure and has participated in major projects on cloud computing, networking, VoIP and in creation of applications running over distributed databases. Due to a military background, his focus has always been on stability and availability of infrastructure. Sanjay was the Director of Information Technology in a major enterprise and managed the transition from legacy software to fully networked operations using private cloud infrastructure. He now writes extensively on cloud computing and networking and is about to move to his farm in Central India where he plans to use cloud computing and modern technology to improve the lives of rural folk in India.
