Laws And Regulations Governing The Cloud Computing Environment

Laws And Regulations Governing The Cloud Computing Environment

Cloud computing technologies developed around them a complex legal and regulatory environment.  There are federal, international and even state laws that impose responsibilities to both cloud computing tenants and providers. Regardless of which side your business is on, you have to consider the legal issues, especially those related to the data you collect, store and process.

Different sector specific laws for cloud computing tenants and providers

To ensure you are in legal compliance, you may want to know more about American laws. In the United States, privacy and security are spread over different industry specific laws and regulations:

Health Insurance Portability and Accountability Act (HIPAA)

  • Under HIPAA’s Privacy Rule, an entity may not use or disclose protected health information unless as permitted or required by the Rule, or as authorized in writing by the individual affected. HIPAA’s Security Rule complements the Privacy Rule and deals specifically with Electronic Protected Health Information (EPHI). It lays out three types of security safeguards required for compliance: administrative, physical, and technical. The Rule identifies various security standards for each of these types. Required specifications must be adopted and administered as dictated by the Rule.

The Gramm-Leach-Bliley Act (GLBA)

  • It has 2 key rules for “financial institutions” storing data in the cloud: the Financial Privacy Rule and the Safeguards Rule. The Financial Privacy Rule requires institutions to notify each customer at the time the relationship is established and annually thereafter about the personal information about them collected, where that information is kept, with whom is shared, how is used, and how it is protected. The Safeguards Rule requires financial institutions to develop a written information security plan that describes how the company plans to protect clients’ nonpublic personal information.

Payment Card Industry Data Security Standard

  • The Payment Card Industry Data Security Standard (PCI DSS) was jointly developed by Visa and MasterCard to simplify compliance for merchants and payment processors. It has 6 core areas and 12 requirements that cover best practices for perimeter security, data privacy, and layered security.

Family Educational Rights and Privacy Act (FERPA)

  • FERPA is a federal law that protects student information collected by educational institutions and associated vendors. These institutions must have the student’s consent prior to disclosure of personal data including grades, enrollment status, or billing information. Protection of student information according to FERPA regulations is a key consideration in using cloud-based applications that handle student records. IT administrators must be aware of the information that is passed to a cloud network or application.

US-based cloud tenants and providers must consult a plethora of industry-specific laws to determine their legal risks and obligations. But if you don’t adequately protect the information you store, there are some important consequences you should assume, like fines or lawsuits. Remember that fines and lawsuits can have devastating consequences for small or midsize businesses.

So, do you know what laws should govern your cloud computing technologies?

By Rick Blaisdell / Rickscloud

Follow Us!


Established in 2009, is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Join Our Newsletter

Receive updates each week on news, tips, events, comics and much more...


Top Viral Impact

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter The city of the future is impeccably documented. Sensors are used to measure air quality, traffic patterns, and crowd movement. Emerging neighborhoods are quickly recognized, public safety threats are found via social networks, and emergencies are dealt with quicklier. Crowdsourcing reduces commuting times, provides people with better transportation

Cloud Infographic: The Education Of Tomorrow

Cloud Infographic: The Education Of Tomorrow

Cloud Infographic: The Education Of Tomorrow  Online Education is a very exciting topic for many as it opens up many new doors and opportunities. We’ve touched on areas such as Massive Open Online Sources (MOOC) which provides tremendous levels of cloud based interconnectivity. We’ve taken a look into higher education,  the increased demand for online courses as well as

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery Preventing a Cloud Disaster is one thing. Recovering from a disaster is a whole other area of concern. Today’s infographic provided by CloudVelox outlines some best practices and safeguards in order to help your business make more informed decisions. About Latest Posts Follow Us!CloudTweaksEstablished in 2009,

Can I Contribute To CloudTweaks?

Yes, much of our focus in 2015 will be on working with other influencers in a collaborative manner. If you're a technology influencer looking to collaborate long term with CloudTweaks – a globally recognized leader in cloud computing information – drop us an email with “tech influencer” in the subject line.

Please review the guidelines before applying.