Legal Risks in the Cloud

Don't sign that contract until you consider five red flags in cloud service deals.

Last year, a global food manufacturing and distribution company set out to move its HR talent management processes to a software-as-a-service provider. But as attorneys for the food company reviewed the proposed contract, they found some potentially serious legal land mines.

For starters, the SaaS provider had operations in the U.S., Europe and Canada. "Europe and Canada are two jurisdictions that heavily regulate [the use of] personal information. Since this was an HR system, there would be a lot of personal information," recalls Rebecca Eisner, an attorney specializing in outsourcing who represented the food company.

The provider also wanted the flexibility to move the company's information to data centers anywhere in the world, and that would subject the company to the laws of whatever country the data passed through or landed in.

But there was no turning back. The company was as smitten with the SaaS application as it was unaware of the legal risks. After two months of negotiations, the two sides agreed on a contract.

"The [SaaS provider] didn't want to admit their lack of sophistication on these issues. But they understood where we were coming from," says Eisner, a partner in the Chicago office of the law firm Mayer Brown. "Ultimately, they understood that if they were going to get [the food company] as a customer -- and other global companies in the future -- they needed to provide these kinds of minimum protections. So they went along with it."

If you're operating in the cloud or plan to move there soon, here are five areas of legal risk that you shouldn't ignore.

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon