Laws And Regulations Governing The Cloud Computing Environment

Laws And Regulations Governing The Cloud Computing Environment

Cloud computing technologies developed around them a complex legal and regulatory environment.  There are federal, international and even state laws that impose responsibilities to both cloud computing tenants and providers. Regardless of which side your business is on, you have to consider the legal issues, especially those related to the data you collect, store and process.

Different sector specific laws for cloud computing tenants and providers

To ensure you are in legal compliance, you may want to know more about American laws. In the United States, privacy and security are spread over different industry specific laws and regulations:

Health Insurance Portability and Accountability Act (HIPAA)

  • Under HIPAA’s Privacy Rule, an entity may not use or disclose protected health information unless as permitted or required by the Rule, or as authorized in writing by the individual affected. HIPAA’s Security Rule complements the Privacy Rule and deals specifically with Electronic Protected Health Information (EPHI). It lays out three types of security safeguards required for compliance: administrative, physical, and technical. The Rule identifies various security standards for each of these types. Required specifications must be adopted and administered as dictated by the Rule.

The Gramm-Leach-Bliley Act (GLBA)

  • It has 2 key rules for “financial institutions” storing data in the cloud: the Financial Privacy Rule and the Safeguards Rule. The Financial Privacy Rule requires institutions to notify each customer at the time the relationship is established and annually thereafter about the personal information about them collected, where that information is kept, with whom is shared, how is used, and how it is protected. The Safeguards Rule requires financial institutions to develop a written information security plan that describes how the company plans to protect clients’ nonpublic personal information.

Payment Card Industry Data Security Standard

  • The Payment Card Industry Data Security Standard (PCI DSS) was jointly developed by Visa and MasterCard to simplify compliance for merchants and payment processors. It has 6 core areas and 12 requirements that cover best practices for perimeter security, data privacy, and layered security.

Family Educational Rights and Privacy Act (FERPA)

  • FERPA is a federal law that protects student information collected by educational institutions and associated vendors. These institutions must have the student’s consent prior to disclosure of personal data including grades, enrollment status, or billing information. Protection of student information according to FERPA regulations is a key consideration in using cloud-based applications that handle student records. IT administrators must be aware of the information that is passed to a cloud network or application.

US-based cloud tenants and providers must consult a plethora of industry-specific laws to determine their legal risks and obligations. But if you don’t adequately protect the information you store, there are some important consequences you should assume, like fines or lawsuits. Remember that fines and lawsuits can have devastating consequences for small or midsize businesses.

So, do you know what laws should govern your cloud computing technologies?

By Rick Blaisdell

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

4 Cloud Technology Trends To Look Out For

4 Cloud Technology Trends To Look Out For

Cloud Technology Trends When you are reading articles on the future of tech on the Internet you cannot escape mention of the cloud: it is set to be the best thing that has ever happened to us, pundits assure us, and there is a promise of some serious money to be made. Reading these articles you can tell there is…

Are You SURE You Are Ready For The Cloud? Cloud Readiness

Are You SURE You Are Ready For The Cloud? Cloud Readiness

Cloud Readiness Over the last three months, we have discussed the reasons why you may have wanted to move to the cloud.  Maybe the decision wasn’t yours to be made in the first place?  Either way, you are now getting ready to start down that road of cloud enlightenment! (Image source: Shutterstock) The question is,…

The Evolution Of The Connected Cloud

The Evolution Of The Connected Cloud

The Connected Cloud Cloud computing is interesting first, but not only, because of the prevalence of cloud projects. There are many of them launched every day. Some have lofty expectations for business benefits (cost saving of 20 percent or more) and others carry even more intriguing goals. In 2005 “the cloud” was new. Shared computing…

DRaaS: Can Make Providers Life Easier

DRaaS: Can Make Providers Life Easier

DRaaS Planning Earlier in Part 1 this week we’ve touched on “What Is DRaaS?”. Now we will explore this a little further.  Disaster recovery situations are always high pressure, stressful affairs which require cool heads and excellent planning. What can service providers of DRaaS to do to make life easier for their customers and to…

How To Choose The Right Cloud Security Package For Your Business

How To Choose The Right Cloud Security Package For Your Business

How To Choose The Right Cloud Security Package The questions you need to ask yourself when deciding on the right cloud security solution for a growing organisation Not sure which cloud security package will be the best fit for your business? Check out our guide to choosing a service that’s going to meet your needs…

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

Data Science and Machine Learning Security breaches have been consistently rising in the past few years. Just In 2015, companies detected 38 percent more security breaches than in the previous year, according to PwC’s Global State of Information Security Survey 2016. Those breaches are a major expense — an average of $3.79 million per company,…

How IRM Makes Cloud-Based File Collaboration “Security-Aware”

How IRM Makes Cloud-Based File Collaboration “Security-Aware”

IRM Cloud-Based File Collaboration  Data breaches and data loss due to insider threats, including malicious insiders stealing, manipulating or destroying data, are the fastest-growing risks that keep managers up at night, according to new research by Ernst & Young. How can we ensure that the right people in an organization have the right access to…

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Sponsor