Wednesday, November 23, 2011
Legal Issues in the Cloud: Exploring Business Continuity, Liability and SLA-related Issues
http://ow.ly/7CNB0
An article by Andrew L. Goldstein appearing on the Computer Technology Review website.
This article is the 2nd part of a series that discusses legal issues related to the use of cloud computing. The author discusses legal liability, service level agreements and the control of corporate data that is held by a cloud computing provider.
The article states, "Many companies are familiar with ‘e-discovery’ and have data retention, storage and destruction policies in place that apply in the event of litigation. If a cloud customer is sued, or there is the threat of litigation, the customer may have to initiate a ‘litigation hold’ to preserve documents, including electronic documents and any metadata in the documents. This could present a challenge in the cloud if the customer’s data is commingled with that of other clients or if the customer’s data is stored on parallel servers. Cloud customers should determine the vendor’s ability to prevent the destruction, alteration or mutilation of customer data in the vendor’s possession, as well as the vendor’s search capabilities for the data. Cloud customers should also make sure that their corporate policies and procedures account for any data in the cloud. Do the data retention and destruction policies of the cloud vendor align with those of the customer?"
The article further states, "Many cloud vendors subcontract with other entities. For example, in the SaaS environment, a third party often hosts the software vendor’s programs. The issues discussed above are complicated by the cloud vendor’s use of subcontractors. Will the subcontractor allow access to the customer’s data? Can the subcontractor comply with a litigation hold? For jurisdictional issues, where is the subcontractor located?
If there is a dispute between the customer and the cloud vendor, the vendor may try to shift liability to the subcontractor and the customer may not have the right to bring an action directly against the subcontractor. Some customers try entering into direct contractual relationships with the subcontractor. For instance, in the SaaS scenario, the customer might enter into an agreement with the SaaS vendor and also with the hosting service used by the SaaS vendor."
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment