Cloud Service Providers And The Law

Cloud Service Providers And The Law

Cloud Service Providers And The Law

Imagine opting out of the continuous struggle to keep software up to date, and essentially getting rid of overburdened corporate IT departments struggling to keep systems functional. This initial flavor of cloud computing given to the public is increasingly holding true to its promise due to numerous benefits such as flexibility, cost reduction, accessibility, and reliability. Undoubtedly, cloud computing presents a potential paradigm shift for all industries and sectors with many benefits such as flexibility, cost reduction, accessibility, and reliability.

While several technical benefits of cloud computing exist, there are few important considerations for users and corporations. One of the most important is the legal repercussions these new technologies may trigger. With the arrival of any new technology, the applicability of existing laws and the possibility of new laws tailored specifically to the new technology remain unclear until precedents are set. The cloud computing phenomena is global in nature challenging the very touchstone of jurisdictional complexities.

Lawyers-law-firms-cloud-computing

(Infographic Source: Business Of Law Blog)

These legal qualms pose significant risks to cloud service providers and users alike. Service providers constantly battle to strike a balance between reward of investing in better and new technologies; on the other hand, they expose themselves to greater risk of potential lawsuits as well as uncertain future regulations. For small businesses, this issue may even be greater as they lack resources to effectively negotiate contracts with large cloud service providers. On the other hand, large corporations may be easier to draft and negotiate a ‘strong’ contract with service providers.

Broadly speaking, there are six widely applicable regulations relating to cloud computing in the United States.

1. Stored Communications Act (SCA)
2. USA Patriot Act
3. The Health Insurance Portability and Accountability Act (HIPAA)
4. US Export Control Regulations
5. Federal Trade Commission Act
6. Communications Privacy Act of 1986 (ECPA).

While laws extensively cover areas related to security and privacy, loopholes are certain when referring matters relating to cloud computing. For instance, in 2011, a class action complaint was lodged against a cloud storage provider in Wong v. Dropbox, Inc., where, it was alleged that the company violated the California Unfair Competition Law and negligently invaded privacy of individuals. The class action complaint against Dropbox arose out of an update that inadvertently allowed anyone to log into any account using any password within a four hour window.

The risks are geared towards confusion as to applicable laws, the changing regulatory climate, and lack of industry standards. Cloud computing does reflect paradigm shift for both users and corporations, as it allows taking advantage of economies of scale as well as specialization to provide a more efficient and economical solution.

As jurisdiction within the cloud is so unclear, the only option would be to come to a mutual agreement or a compromise between cloud provider and user. Therefore, a harmonious and uniform set of laws governing data privacy and security is required which, in turn, would be beneficial in several respects. For instance, service providers would be able to assess their risks more accurately subsequently decreasing the need for them to push their risk onto users through contracts that force the customer to deal with privacy breaches that may be the fault of the service provider.

By Syed Raza

Sorry, comments are closed for this post.

Comics
Digital Identity Trends 2017 – Previewing The Year Ahead

Digital Identity Trends 2017 – Previewing The Year Ahead

Digital Identity Trends 2017 The lack of security of the Internet of Things captured public attention this year as massive distributed denial of service attacks took down much of the internet. The culprits? Unsecured connected devices that were easily accessed and manipulated to do the bidding of shadowy hackers. When you can’t access Netflix anymore,…

Data Breaches: Incident Response Planning – Part 1

Data Breaches: Incident Response Planning – Part 1

Incident Response Planning – Part 1 The topic of cybersecurity has become part of the boardroom agendas in the last couple of years, and not surprisingly — these days, it’s almost impossible to read news headlines without noticing yet another story about a data breach. As cybersecurity shifts from being a strictly IT issue to…

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And Virtual Reality This is a term I created (Virtual Immersion). Ah…the sweet smell of Virtual Immersion Success! Virtual Immersion© (VI) an extension/expansion of Virtual Reality to include the senses beyond visual and auditory. Years ago there was a television commercial for a bathing product called Calgon. The tagline of the commercial was Calgon…

Four Recurring Revenue Imperatives

Four Recurring Revenue Imperatives

Revenue Imperatives “Follow the money” is always a good piece of advice, but in today’s recurring revenue-driven market, “follow the customer” may be more powerful. Two recurring revenue imperatives highlight the importance of responding to, and cherishing customer interactions. Technology and competitive advantage influence the final two. If you’re part of the movement towards recurring…

Three Challenges of Network Deployment in Hyperconverged Infrastructure for Private Cloud

Three Challenges of Network Deployment in Hyperconverged Infrastructure for Private Cloud

Hyperconverged Infrastructure In this article, we’ll explore three challenges that are associated with network deployment in a hyperconverged private cloud environment, and then we’ll consider several methods to overcome those challenges. The Main Challenge: Bring Your Own (Physical) Network Some of the main challenges of deploying a hyperconverged infrastructure software solution in a data center are the diverse physical…

Having Your Cybersecurity And Eating It Too

Having Your Cybersecurity And Eating It Too

The Catch 22 The very same year Marc Andreessen famously said that software was eating the world, the Chief Information Officer of the United States was announcing a major Cloud First goal. That was 2011. Five years later, as both the private and public sectors continue to adopt cloud-based software services, we’re interested in this…

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises The surface costs might give you pause, but the cost of diminishing your differentiators is far greater. Will a shift to the cloud save you money? Potential savings are historically the main business driver cited when companies move to the cloud, but it shouldn’t be viewed as a cost-saving exercise. There…

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Cloud Email Migration In today’s litigious society, preserving your company’s data is a must if you (and your legal team) want to avoid hefty fines for data spoliation. But what about when you move to the cloud? Of course, you’ve probably thought of this already. You’ll have a migration strategy in place and you’ll carefully…

2017 Brings DLP Technology and IoT’s Weaknesses to Light

2017 Brings DLP Technology and IoT’s Weaknesses to Light

DLP Technology In regards to data loss prevention (DLP), in the last five years many companies rushed to implement DLP solutions without taking the time to first identify the data that should not transit egress points. Most of these rushed implementations have not been successful. Security analysts, in particular 451 Research, have been recommending that…