Cloud adviser: Where's your data?
Be sure your contract specifies where your data can be located and obligates the cloud provider to tell you when the data has been disclosed to a third party.
Computerworld - With cloud computing, technology has advanced more quickly than the law's ability to effectively address its implications.
Consider the U.S. Patriot Act. It was recently revealed that U.S.-based cloud providers may have to comply with Patriot Act requests for data that's located in a provider's European data centers, even though this conflicts with the European Union's 1995 Data Protection Directive.
In response to that conflict, the European Commission recently announced that it plans to propose reforms to the EU directive by the end of January 2012.
Of course, cloud computing was not even a buzzword when the directive was first formulated in 1995. But all of this serves as a good reminder to ensure that your cloud-computing contract effectively addresses issues associated with data location and legal requests for data access.
When you use a cloud computing provider, your data travels over the Internet to and from one or more externally managed data centers. It may be in, or processed by, data centers in multiple locations around the world.
A variety of legal issues can arise when a customer's data resides in a cloud provider's data center in a different country than the one in which either the customer or the customer's clients reside. Different countries, and in some cases even different states, provinces or municipalities, have different laws pertaining to data.
A key question about cloud computing remains unresolved: Which law applies to my organization's data in the cloud: The law where I'm located, the law where my data's located, or the law where the data subject is located? International consensus on this issue has not yet been achieved.
Most contracts specify the governing law under which any disputes would be resolved, as well as the location of the court where such disputes would be heard. With cloud computing, applicable laws governing your data could include the laws where your organization is headquartered, where your cloud provider is headquartered, where your cloud provider's data centers are located, where the subjects of the data reside, and potentially the laws of the countries that your data passes through on its way to, from and among the cloud provider's data centers.
For these reasons it's essential for a cloud-computing contract to identify the geographic region within which the data centers hosting your data, and potentially the headquarters of the cloud provider, may be located, and to address the cloud provider's obligations to keep your data in those regions. Otherwise, the overlaps and potential conflicts between the possible governing laws could make legal and data access compliance impossible.
Legal requests for data access
Other columns by Thomas Trappler
- NASA's cloud audit holds value for all
- Who can pry into your cloud-based data?
- Does your cloud vendor protect your rights?
- Software licensing in the cloud
- For credit card handlers, cloud computing guidelines just got clearer
- Regulations and the cloud: HIPAA modification provides clarity
- Certification programs are making it easier to know all about a cloud vendor
- The do's and don'ts of safeguarding cloud-based data with encryption
- For a good cloud contract, start with an RFP
- It takes a team to create a good cloud contract
- Cloud Computing eGuide In this eGuide, CIO, Computerworld, and InfoWorld offer advice, tips, news, and predictions regarding cloud implementations in the coming year and beyond. Read...
- Increase IT Performance from the Enterprise to the Cloud with WAN Optimization Massive consolidation and data mobility, enabled by virtualization, have radically altered how we build servers, design applications, and deploy storage for the emerging...
- IDC: Eliminate Shortcomings in Your Cloud Architecture with Smarter Storage This white paper demonstrates how IBM Smarter Storage provides customers with an ideal, proven platform for cloud computing. IBM has a differentiated storage...
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- Video surveillance for IT: maximum image quality, minimum bandwidth Join us on Thursday, May 8th at 1 p.m. EST when Willem Ryan, Senior Product Marketing Manager at Avigilon, will discuss how IT... All Cloud Computing White Papers | Webcasts