Cloud Computing Conference 2009 - User data protection and confidentiality - Legal perspective

Carla Pinheiro from Clarke, Modet & Co.

Clarke, Modet & Co is a Consultancy company in Intellectual Property management.

What’s the public main concern?

According to a report of the Pew Internet and American life Project:

  • What happens if the company is sold?
  • What about data switching from one company to another?

Is Cloud Computing a Trap?

For Richard Stallman from Free Software Development, Cloud Computing is evil and will make proprietary technologies to grab more customers and entrap them.

Cloud computing is a trap, warns GNU founder Technology

Stallman- Cloud computing is 'stupidity' Business Tech - CNET News

Stallman calls cloud computing stupid

Richard Stallman vs Cloud Computing

Legal Issues

  • Regulation?
    • Cloud Service Delivering model is not entirely new nor is unregulated.
    • There’s an extensive pre-existing framework of regulations which applies to IT, software and e-Commerce.
  • Global?
    • Although cloud services appear to be global, it is still going to be subject to national regulations
  • Where and for how long?
    • Various regulators will be interested too know where and for how long is going to be the location of customer data
    • Privacy
  • Quality?
    • in some cases, few legal assurances given by service-providers reflect that lower price and little support or maintenance.
    • Some of those terms and conditions may not stand up to EU customers and contract law.
  • Protection of Privacy
    • In certain jurisdictions, data which customers might believe to be secure could, in fact, be subject to disclosure thought. example: England and  US
  • Reproduction Fate Sharing
    • On customer’s bad behavior may affect the reputation of the cloud as a whole
  • Risk Mitigation
    • Users of cloud services should insist on SLA terms
      • Privileged User access
        • Who has specialized access to data and about the hiring and management of such administrators
      • Regulatory Compliance
        • Make sure a vendor is willing to undergo external audits and/or security certifications
      • Data Location
        • ask provider if he will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment on the subject
      • Data Segregation
        • make sure that encryption is available at all stages
      • Recovery
        • find out what will happen to data in case of a disaster. Do they offer complete restoration and, if so, how long that would take

Conclusions

The cloud computing trend is likely to lkead to new business models and contract arrangements between IT providers and their customers

Don’t forget that a cloud on the ground is called fog… (trademark)

No Comments