Cloud adviser: Where's your data?
Be sure your contract specifies where your data can be located and obligates the cloud provider to tell you when the data has been disclosed to a third party.
Computerworld - With cloud computing, technology has advanced more quickly than the law's ability to effectively address its implications.
Consider the U.S. Patriot Act. It was recently revealed that U.S.-based cloud providers may have to comply with Patriot Act requests for data that's located in a provider's European data centers, even though this conflicts with the European Union's 1995 Data Protection Directive.
In response to that conflict, the European Commission recently announced that it plans to propose reforms to the EU directive by the end of January 2012.
Of course, cloud computing was not even a buzzword when the directive was first formulated in 1995. But all of this serves as a good reminder to ensure that your cloud-computing contract effectively addresses issues associated with data location and legal requests for data access.
When you use a cloud computing provider, your data travels over the Internet to and from one or more externally managed data centers. It may be in, or processed by, data centers in multiple locations around the world.
A variety of legal issues can arise when a customer's data resides in a cloud provider's data center in a different country than the one in which either the customer or the customer's clients reside. Different countries, and in some cases even different states, provinces or municipalities, have different laws pertaining to data.
A key question about cloud computing remains unresolved: Which law applies to my organization's data in the cloud: The law where I'm located, the law where my data's located, or the law where the data subject is located? International consensus on this issue has not yet been achieved.
Most contracts specify the governing law under which any disputes would be resolved, as well as the location of the court where such disputes would be heard. With cloud computing, applicable laws governing your data could include the laws where your organization is headquartered, where your cloud provider is headquartered, where your cloud provider's data centers are located, where the subjects of the data reside, and potentially the laws of the countries that your data passes through on its way to, from and among the cloud provider's data centers.
For these reasons it's essential for a cloud-computing contract to identify the geographic region within which the data centers hosting your data, and potentially the headquarters of the cloud provider, may be located, and to address the cloud provider's obligations to keep your data in those regions. Otherwise, the overlaps and potential conflicts between the possible governing laws could make legal and data access compliance impossible.
Legal requests for data access
Other columns by Thomas Trappler
- NASA's cloud audit holds value for all
- Who can pry into your cloud-based data?
- Does your cloud vendor protect your rights?
- Software licensing in the cloud
- For credit card handlers, cloud computing guidelines just got clearer
- Regulations and the cloud: HIPAA modification provides clarity
- Certification programs are making it easier to know all about a cloud vendor
- The do's and don'ts of safeguarding cloud-based data with encryption
- For a good cloud contract, start with an RFP
- It takes a team to create a good cloud contract
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- ESG: The IBM FlashSystem 840: Technical Evolution to Deliver Business Value In this whitepaper, you will learn how this high-speed storage technology has tremendous potential to support I/O-intensive and/or latency-sensitive applications.
- Choosing an MDM Platform: Where to Start the Conversation If you're in the early stages of choosing an MDM solution, or you're considering switching vendors, here are seven critical questions to ask...
- Axeda Platform Technical Overview This paper summarizes the major features of an IoT platform and explains how they simplify and speed the process of developing and deploying...
- Stock Shock: The effect of project and portfolio management on share price In this independent report, you'll see the intrinsic connection between long-term capital investment and short term market performance -- and how this can...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Cloud Computing White Papers | Webcasts