Your SlideShare is downloading. ×
Legal & Commercial, Issues of a Cloud Service
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Legal & Commercial, Issues of a Cloud Service

313

Published on

DLA presentation to VMUG 5, 11th Oct 2011

DLA presentation to VMUG 5, 11th Oct 2011

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
313
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Legal and CommercialIssues of a Cloud Service Alex Kirkhope / Dominic Higham 11 October 2011
  • 2. Introductions and themes  Service specification and service levels  Rights, liabilities and remedies  Standard terms  Data protection issues  Dispute readinessCloud Computing - BCS 11 October 2011 2
  • 3. Defining Cloud Computing “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. " National Institution Standards and Technology (NIST) Software as a Service Platform as a Service Infrastructure as a ServiceCloud Computing - BCS 11 October 2011 3
  • 4. The business drivers • cost effective • scalable / dealing with spikes • easy to install • standard service offering • integrated maintenance • avoids supplier lock in (?)Cloud Computing - BCS 11 October 2011 4
  • 5. Legal Issues  Service specification and levels  Contractual rights, remedies and liabilities  Control over data  Data privacyCloud Computing - BCS 11 October 2011 5
  • 6. Service specification / service levels  As with any outsourcing arrangements... be clear about what you are getting  basic service features  application features  business continuity  availability / response times / downtime  helpdesk support  charging structure  utility based? fixed fee?  performance monitoring  recompense if below par?Cloud Computing - BCS 11 October 2011 6
  • 7. Rights, remedies and liabilities  Terms almost always non-negotiable  supplier unwilling to take on risk  liability capped at very low levels and direct loss tightly defined  rare to see service credit regime  service provided as is  if you dont like it  simply walk away  As customer you will be expected to  pay on time  sign & indemnify the acceptable user policy  understand limited commitments around the serviceCloud Computing - BCS 11 October 2011 7
  • 8. Screen shots - GoogleAppsCloud Computing - BCS 11 October 2011 8
  • 9. Standard –v- negotiated terms  Standard terms  low liability limits  reduced rights in case of data loss, downtime, etc.  Typically, more keenly priced  Customer loss –v- providers business  Negotiated terms  chance to gain better protection subject to bargaining positionCloud Computing - BCS 11 October 2011 9
  • 10. Limitations of Liability - AWS  11. Limitations of Liability WE AND OUR AFFILIATES OR LICENSORS WILL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, OR DATA), EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHER, NEITHER WE NOR ANY OF OUR AFFILIATES OR LICENSORS WILL BE RESPONSIBLE FOR ANY COMPENSATION, REIMBURSEMENT, OR DAMAGES ARISING IN CONNECTION WITH: (A) YOUR INABILITY TO USE THE SERVICES, INCLUDING AS A RESULT OF ANY (I) TERMINATION OR SUSPENSION OF THIS AGREEMENT OR YOUR USE OF OR ACCESS TO THE SERVICE OFFERINGS, (II) OUR DISCONTINUATION OF ANY OR ALL OF THE SERVICE OFFERINGS, OR, (III) WITHOUT LIMITING ANY OBLIGATIONS UNDER THE SLAS, ANY UNANTICIPATED OR UNSCHEDULED DOWNTIME OF ALL OR A PORTION OF THE SERVICES FOR ANY REASON, INCLUDING AS A RESULT OF POWER OUTAGES, SYSTEM FAILURES OR OTHER INTERRUPTIONS; (B) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; (c) ANY INVESTMENTS, EXPENDITURES, OR COMMITMENTS BY YOU IN CONNECTION WITH THIS AGREEMENT OR YOUR USE OF OR ACCESS TO THE SERVICE OFFERINGS; OR (D) ANY UNAUTHORIZED ACCESS TO, ALTERATION OF, OR THE DELETION, DESTRUCTION, DAMAGE, LOSS OR FAILURE TO STORE ANY OF YOUR CONTENT OR OTHER DATA. IN ANY CASE, OUR AND OUR AFFILIATES’ AND LICENSORS’ AGGREGATE LIABILITY UNDER THIS AGREEMENT WILL BE LIMITED TO THE AMOUNT YOU ACTUALLY PAY US UNDER THIS AGREEMENT FOR THE SERVICE THAT GAVE RISE TO THE CLAIM DURING THE 12 MONTHS PRECEDING THE CLAIM.Cloud Computing - BCS 11 October 2011 10
  • 11. Challenging the standard terms  What is the Unfair Contract Terms Act 1977?  UCTA - Guidelines for Application of Reasonableness Test include:  (a) the strength of the bargaining positions of the parties relative to each other, taking into account (among other things) alternative means by which the customer’s requirements could have been met;  (b) whether the customer … had an opportunity of entering into a similar contract with other persons, but without having a similar term;Cloud Computing - BCS 11 October 2011 11
  • 12. Case law  St Albans v ICL  Watford Electronics v Sanderson, 2001  Where experienced businessmen representing substantial companies of equal bargaining power negotiate an agreement, they may be taken to have had regard to the matters known to them. They should, in my view be taken to be the best judge of the commercial fairness of the agreement which they have made; including the fairness of each of the terms in that agreement. They should be taken to be the best judge on the question whether the terms of the agreement are reasonable. The court should not assume that either is likely to commit his company to an agreement which he thinks is unfair, or which he thinks includes unreasonable terms. Unless satisfied that one party has, in effect, taken unfair advantage of the other – or that a term is so unreasonable that it cannot properly have been understood or considered - the court should not interfere.Cloud Computing - BCS 11 October 2011 12
  • 13. Termination for breach/cause  More important in longer terms arrangements Termination for Cause by Either Party Either party may terminate this Agreement for cause upon [30/10/7] days advance notice to the other party if there is any material default or breach of this Agreement by the other party, unless the defaulting party has cured the material default or breach within the ## day notice period.Cloud Computing - BCS 11 October 2011 13
  • 14. Material Breach?  There is no commonly accepted definition of "material breach". Where a contract is expressed to be terminable for material breach and no definition is included the courts will look at all the surrounding circumstances. Key points include:  the intention of the parties. Did they intend to give the non breaching party the right to terminate?;  the nature of the contract and the obligations involved;  what the breach consists of and how it impacts on the innocent party;  the circumstances in which the breach arises including any explanation given;  was the breach accidental or intentional?; and  the consequences for the breaching party if the breach is material. This is less important than the impact of the breach on the non breaching party.  Contrast termination for repudiatory breach  What is the effect of this contractual position?Cloud Computing - BCS 11 October 2011 14
  • 15. Data ownership  If you put data in the Cloud understand:  who may be able to access it : strength of confidentiality / security undertakings offered  commitments provided on exit / transition : how easy would it be to transfer to another provider  would you be prepared to put your crown jewels there?Cloud Computing - BCS 11 October 2011 15
  • 16. Data privacy  Data Protection Act 1998  if you put personal data in the cloud you have responsibility as a data controller…  to be satisfied that adequate measures in place to protect confidentiality and security of data against unauthorised loss, damage, destruction, etc  to prevent the data from being processed outside Europe unless further legal protections are in place  it is not good enough to simply rely on the good word of a supplier  ICO (and FSA if you are FSA regulated) take a strict approach to enforcement  Zurich fined £2.4m for failing to undertake adequate due diligence when allowing customer data to be outsourced to South Africa.Cloud Computing - BCS 11 October 2011 16
  • 17. Data loss  Data loss remains high profile – NHS, HMRC, Deloitte, MoD, banks and financial institutions  Consequences  fines  criminal sanction  undertakings  reputation  claims  management time and money dealing with claimsCloud Computing - BCS 11 October 2011 17
  • 18. ICO  What will the ICO look at?  circumstances of breach  the response to the loss  steps to mitigate  adequacy of procedures, standards, encryption  Steps to take:  investigate, assess, contain  inform regulators and/or public – deal with publicity  prevent recurrence and remedy underlying issues  Personal Information Online Code of Practice  pragmatic approach but will want to see risk analysis done.  Cloud and outsourcing are not the only source of data loss riskCloud Computing - BCS 11 October 2011 18
  • 19. Contract management and disputereadiness  material breach and repudiatory breach  dispute approach  contract management – service of notices etc.  discussions – open and without prejudice  escalation procedures  documents  witnesses  business continuity - exit and transition and future provision of servicesCloud Computing - BCS 11 October 2011 19
  • 20. Conclusions Cloud computing is growing rapidly Attractive as a commercial / business proposition There are risks : understand before proceeding Go in eyes wide openCloud Computing - BCS 11 October 2011 20
  • 21. Any questions or comments?alex.kirkhope@dlapiper.comdominic.higham@dlapiper.comCloud Computing - BCS 11 October 2011 21

×