Partly Sunny with a Chance of Rain II: Forecasting the Legal Issues in Cloud Computing
Upcoming SlideShare
Loading in...5
×
 

Partly Sunny with a Chance of Rain II: Forecasting the Legal Issues in Cloud Computing

on

  • 945 views

Driven by ever-increasing costs for computer infrastructure and the resources necessary to manage it, law firms and their clients have begun using hosted services and solutions available through the ...

Driven by ever-increasing costs for computer infrastructure and the resources necessary to manage it, law firms and their clients have begun using hosted services and solutions available through the Internet for their required IT needs. Commonly referred to as “cloud computing,” these service models provide infrastructure, software or platforms via the Internet, rather than through more traditional on-site hardware and software installation and support. Technological developments have spurred somewhat of a “perfect storm” for the growth of cloud service providers, but clients and lawyers weighing this option must address the evolving legal risks inherent in this model, and may need to consider taking an umbrella before stepping “outside.”

Statistics

Views

Total Views
945
Slideshare-icon Views on SlideShare
368
Embed Views
577

Actions

Likes
0
Downloads
6
Comments
0

4 Embeds 577

http://legalintangibles.com 572
http://www.linkedin.com 2
https://www.linkedin.com 2
http://prlog.ru 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Partly Sunny with a Chance of Rain II: Forecasting the Legal Issues in Cloud Computing Partly Sunny with a Chance of Rain II: Forecasting the Legal Issues in Cloud Computing Presentation Transcript

    • “Partly Sunny with a Chance of Rain II”: Forecasting the Legal Issues in Cloud Computing by: Thomas A. Kulik Chairman, Dallas Bar Association Computer Law Section Partner, Scheef & Stone, L.L.P. Dallas Bar Association – Computer Law Section October 28, 2013   ®  
    • About  the  Presenter   Tom  Kulik  is  a  Partner  in  Scheef  &  Stone,  L.L.P.  out  of  its  headquarters  in   Dallas,  Texas,  as  well  as  Chairman  of  the  Dallas  Bar  AssociaBon  Computer  Law   SecBon.    With  a  deep  understanding  of  how  intellectual  property  assets   influence  business,  he  leverages  20  years  of  law  pracBce  with  prior  industry   experience,  strategically  counseling  clients  on  maKers  involving  the   evaluaBon,  acquisiBon,  development  and  protecBon  of  intellectual  property   rights,  with  an  emphasis  on  creaBvely  leveraging  such  assets  both   domesBcally  and  internaBonally.   Prior  to  matriculaBon  in  law  school,  he  was  an  award-­‐winning  systems   engineer  for  3Com  CorporaBon,  where  he  was  responsible  for  local  and  wide-­‐ area  network  architecture  and  design  supporBng  both  Fortune  500  and  start-­‐ up  companies  in  the  computer  services,  financial  and  pharmaceuBcal   industries.     Leveraging  this  industry  experience,  his  pracBce  focuses  on  intellectual   property  transacBons,  parBcularly  within  the  context  of  the  computer   soQware,  emerging  Internet  technologies  and  e-­‐commerce,  and  includes  an   extensive  trademark  preparaBon  and  prosecuBon  pracBce  and  aKendant   intellectual  property  liBgaBon.   ®  
    • What  is  the  “Cloud”?...   ®  
    • …and  What  is  “Cloud  CompuBng”?   “SaaS”            “PaaS”   “IaaS”   ®  
    •    “Cloud  CompuBng”  –  A  Hazy  Phrase   for  a  Foggy  (Evolving)  Concept   “As  a  metaphor  for  the  Internet,  "the  cloud"  is  a   familiar  cliché,  but  when  combined  with   "compuBng,"  the  meaning  gets  bigger  and  fuzzier… [but  essenBally]  encompasses  any  subscripBon-­‐ based  or  pay-­‐per-­‐use  service    that,  in  real  Bme  over   the  Internet,  extends  IT's  exisBng  capabiliBes.”    What  Cloud  Compu-ng  Really  Means,  Eric  Knor  &  Galen  Gruman,  InfoWorld,  2009   ®  
    • “Cloud  CompuBng”  DefiniBon  –  The  NaBonal   InsBtute  of  Standards  and  Technology            “Cloud  compuBng  is  a  model  for  enabling  convenient,  on-­‐ demand  network  access  to  a  shared  pool  of  configurable   compuBng  resources  (e.g.,  networks,  servers,  storage,   applicaBons,  and  services)  that  can  be  rapidly  provisioned   and  released  with  minimal  management  effort  or  service   provider  interacBon.  This  cloud  model  promotes  availability   and  is  composed  of  five  essen-al  characteris-cs,  three   service  models,  and  four  deployment  models.”        The  NIST  Defini,on  of  Cloud  Compu,ng,  Peter  Mell  and  Tim  Grance,  Version  15,  October  7,  2009   ®  
    •        “Cloud  CompuBng”-­‐  EssenBal  CharacterisBcs   •  On-­‐demand  self-­‐service  –  unilateral  and  automaBc   provisioning  of  a  user’s  compuBng  needs   •  Broad  network  access  –  services  available  through  the   network  to  cellphones,  PDAs,  laptops,  iPads,  etc.     •  Resource  pooling  –  dynamic  assignment  of  physical  and   virtual  compuBng  resources   •  Rapid  elas9city  –  quick  scale-­‐out/scale-­‐in  –  seamless  and   seemingly  unlimited  to  the  user   •  Measured  Service  –  automaBc  control  to  opBmize   management  of  resources  (storage,  processing,   bandwidth,  accounts)   ®  
    • “Cloud  CompuBng”  –  Service  Models    So7ware-­‐as-­‐a-­‐Service  (“SaaS”)   •  External  soQware  hosBng  in  a  cloud  infrastructure    PlaDorm-­‐as-­‐a-­‐Service  (“PaaS”)   •  Think  “SaaS-­‐plus”  –  compuBng  plamorm  and  “soluBon   stack”  for  building  and  running  custom  applicaBons  by  the   user        Infrastructure-­‐as-­‐a-­‐Service  (“IaaS”)   •  Data  processing,  storage,  network  and  other  fundamental   compuBng  resources  in  cloud  infrastructure   ®  
    • Examples  of  Cloud  Services  from  Cloud   Service  Providers”  (“CSPs”)    Infrastructure-­‐as-­‐a-­‐Service  (“IaaS”)   •  Amazon  ElasBc  Compute  Cloud  (EC2),  Amazon  S3,   Rackspace    So7ware-­‐as-­‐a-­‐Service  (“SaaS”)   •  Apple  iCloud,  Google  Apps,  Facebook  ApplicaBons    PlaDorm-­‐as-­‐a-­‐Service  (“PaaS”)   •  Salesforce  AppExchange,  Google  AppExchange   ®  
    • “Cloud  CompuBng”  –  Deployment  Models     Private  Cloud     Used  solely  by/operated  solely  for  the  organizaBon     Community  Cloud     Used  by/operated  for  mulBple  organizaBons  Bed  to  a  “specific   community”  with  “shared  concerns”     Public  Cloud     Owned  by  CSP  providing  cloud  services  to  the  public     Hybrid  Cloud     ComposiBon  of  2  or  more  disBnct  clouds  “bound  together  by   standardized  or  proprietary  technology  that  enables  data  and   applicaBon  portability”     ®  
    •    “Cloud  CompuBng”  –  DefiniBon  in  a  Nutshell          A  fully-­‐scalable  service  for  processing  and  storing   data  using  third-­‐party  shared  resources,  soQware   and  informaBon  accessible  over  a  network  (i.e.  the   Internet),  and  provided  to  computers  and  other   devices  on-­‐demand:     Usually  subscripBon-­‐based     May  be  pay-­‐per-­‐use     Even  free!   ®  
    • Why  the  Cloud  Model?     A  “Perfect  Storm”     •  Economics  -­‐  IT  capital  cost  pressures  pushing  for  beKer   ROI   •  More  for  Less  -­‐  Technological  InnovaBon  is  permipng:   »  BeKer  communicaBons  bandwidth  availability   »  Improved  microprocessor/bus  speeds   »  Increased  storage  capabiliBes   •  “Virtualiza,on”  –  easier  for  CSPs  to  maximize   infrastructure  for  the  services  provided  and  offload  much   IT  management   ®  
    • The  Legal  ConsideraBons  in  Cloud   CompuBng:    More  Than  A  Drizzle…     Security  &  Privacy     Contractual  ConsideraBons     Intellectual  Property     E-­‐Discovery  &  LiBgaBon     Ethical  ConsideraBons  for  Lawyers   ®  
    • The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Data  in  the  “Cloud”  harder  to  protect   •  •  •  Is  a  “mulB-­‐tenant”  architecture  –  data  stored  on  a  virtual  server  that   shares  same  physical  server  with  other  virtual  servers   Security  dependent  upon  configuraBon  of  the  virtual  servers  and  API   vulnerabiliBes   Geographic  distribuBon  concerns  –  the  “cloud”  knows  no  boundaries     Breach  harder  to  detect  &  manage   •  •  •  CSP  may  use  third-­‐party  providers  for  elements  of  the  service   Audit  trail  across  mulBple  plamorms  not  necessarily  integrated   Geographic  distribuBon  concerns  remain   ®  
    • The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy   Think  that  3rd   parBes  are  not   looking  for   YOUR  data?     THINK  AGAIN…   ®  
    • The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy    Stengart  v.  Loving  Care  Agency,  Inc.,  990  A.2d  650  (2010)   company  policy  claiming  it  owned  all  informaBon  on  its   computers  NOT  enough  to  permit  retenBon  of  aKorney-­‐client   privileged  emails    N.J.  Appellate  Division  reversed  Superior  Court’s  order     ordered  employer  and  its  counsel  to  turn  over  ALL  email   communicaBons  between  plainBff  and  her  counsel  AND  delete   same  for  hard  drives     Ordered  hearing  on  sancBons    Point:  aKorney-­‐client  privilege  “substanBally  outweigh[s]”   employer’s  enforcement  of  its  own  policies     ®  
    • The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy    City  of  Ontario  v.  Quon,  130  S.Ct.2619  (2010)  –  9-­‐0  decision   holding  City  did  NOT  violate  police  employees’  4th   Amendment  rights  by  searching  text  messages  on  city-­‐owned   pagers      SCOTUS  rev’d  9th  Circuit     found  search  to  be  “reasonable”  because    moBvated  by   legiBmate  work-­‐related  purpose  &  not  excessive  in  scope     Rejected  9th  Circuit’s  “least  intrusive”  means  approach  (i.e.  use   less  intrusive  methods  to  determine  proper  use  of  pagers)    BUT…did  not  address  employee  privacy  expectaBons   when  using  employer  computers   ®  
    • The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Compliance  with  privacy  and  security  laws  and   regulaBons  no  longer  a  domes-c  maGer       Trans-­‐border  flow  of  private  informaBon  may  trigger  obligaBons     U.S.  laws  far  LESS  restricBve  than  other  countries  (parBcularly  the   European  Union)     Liability  for  breach  depends  upon  who  controls  the  data   versus  mere  data  processors     Many  data  privacy  laws  pre-­‐date  cloud  compuBng  capability   ®  
    • The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Some  DomesBc  ConsideraBons:   •  •  •  •  •  Graham  Leach  Bliley  Act  -­‐  Financial  insBtuBons  must  have  policies/ procedures  in  place  to  protect  “non-­‐public  personal  financial   informaBon”  from  improper  disclosure   HIPAA/HITECH  Act  –  “Covered  enBBes”  required  to  noBfy  affected   persons  of  breach  of  unencrypted  “personal  health  informaBon”   FTC  Safeguards  Rule  –  Financial  insBtuBons  required  to  have    wriKen   security  plan  regarding  customer’s  private  informaBon   FTC  Red  Flags  Rule  –  InsBtuBons  holding  credit  accounts  must  have   wriKen  idenBty  theQ  program   Stored  CommunicaBons  Act  -­‐  protecBon  from  disclosure  for  emails  and   other  private  data  that  are  in  such  electronic  storage   ®  
    • The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Some  InternaBonal  ConsideraBons   •  EU  Data  ProtecBon  DirecBve  95/46/EC  –  no  transfer  of  data  to   countries  OUTSIDE  the  EU  unless  they  offer  an  “adequate  level  of   protecBon”  OR  where  excep-ons  apply...like  the  U.S.  Safe  Harbor  List   •  U.S.  Department  of  Commerce  negoBated  a  safe  harbor  framework   with  the  European  Commission  to  “bridge”  differences  in  privacy   protecBon  with  EU  member  states   •  CerBfying  to  the  “safe  harbor”  will  assure  that  EU  organizaBons  know   that  your  company  provides  "adequate"  privacy  protecBon   ®  
    • The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     MUST  understand  the  CSP  operaBonal  model  to  facilitate   compliance  with  applicable  privacy  and  security  laws/ regulaBons  (especially  interna-onally  stored  data)     REVIEW  CSP  privacy  policy  AND  security  procedures  for   conBnuity  with  exisBng  company  procedures  &  guidelines  (i.e.   audit/reporBng  requirements,  security  breach  noBficaBons)     IDENTIFY  and  SPECIFY  data  security  controls  at  the  soQware   level  (i.e.  encrypBon,  firewalls),  as  well  as  physical  security   ®  
    • The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     Different  contractual  consideraBons  from   outsourcing  model   •  •  •  LocaBon  of  service/data  NOT  fixed,  but  distributed   CSP  owns  the  technology,  NOT  the  user/company   Contracts  normally  NOT  negoBable     Risk  allocaBon  far  more  difficult  to  address   •  •  •  No  tradiBonal  soQware  “license”  –  is  an  access  model   LiKle  to  no  indemnity/infringement  protecBon  from  CSP   LimitaBon  of  liability  may  not  cover  anBcipated  risk   ®  
    •    The  Legal  ConsideraBons  in  Cloud  CompuBng:       Contractual  ConsideraBons   Don’t  think  third  parBes  are  “looking”?    THINK  AGAIN…   “Just  as  a  sender  of  a  leKer  to  a  business  colleague  cannot  be  surprised   that  the  recipient’s  assistant  opens  the  leKer,  people  who  use  web-­‐based   email  today  cannot  be  surprised  if  their  communica9ons  are  processed   by  the  recipient’s  ECS  provider  in  the  course  of  delivery.  Indeed,  “a   person  has  no  legi9mate  expecta9on  of  privacy  in  informa9on  he   voluntarily  turns  over  to  third  par9es.”  Smith  v.  Maryland,  442  U.S.  735,   743-­‐44  (1979).”  (emphasis  added)   Google  MoBon  to  Dismiss,  In  re  Google  Gmail  Li-ga-on,  Case  No.  5:13-­‐ md-­‐02430-­‐LHK  (N.D.  Ca.)   ®  
    • The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     JurisdicBon   •  Governing  law/Venue  always  favors  the  CSP     LimitaBons  of  Liability   •  Usually  no  liability  for  damages  whatsoever  (data   deleBon,  corrupBon,  failure  to  access,  etc.)     Limited  to  No  Warranty   •  •  “AS-­‐IS”  or  “as  available”   No  warranty  that  service  uninterrupted/error-­‐free  –   limited  to  SLA,  which  may  be  inadequate   ®  
    • The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     TerminaBon   •  •  •  CSPs  usually  reserve  right  to  terminate  unilaterally   Data  portability  in  event  of  terminaBon?  Avoid  “lock-­‐in”   What  is  CSP  goes  bankrupt?       Service  Level  Agreement  (“SLA”)   •  Usually  rely  upon  service  credits  in  event  of  specified   period  of  downBme,  BUT  credits  mean  liKle  when  the   service  is  down!     AudiBng/compliance?   ®  
    •    The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons   Google  Apps  Examples:   “Representa,ons.  …Google  warrants  that  it  will  provide  the  Services  in   accordance  with  the  applicable  SLA.”   “Disclaimers.  EXCEPT  AS  EXPRESSLY  PROVIDED  FOR  HEREIN,  NEITHER   PARTY  MAKES  ANY  OTHER  WARRANTY  OF  ANY  KIND,  WHETHER  EXPRESS,   IMPLIED,  STATUTORY  OR  OTHERWISE,  INCLUDING  WITHOUT  LIMITATION   WARRANTIES  OF  MERCHANTABILITY,  FITNESS  FOR  A  PARTICULAR  USE  AND   NONINFRINGEMENT.  GOOGLE  MAKES  NO  REPRESENTATIONS  ABOUT  ANY   CONTENT  OR  INFORMATION  MADE  ACCESSIBLE  BY  OR  THROUGH  THE   SERVICE.  THE  SERVICE  IS  NEITHER  DESIGNED  NOR  INTENDED  FOR  HIGH   RISK  ACTIVITIES.  CUSTOMER  ACKNOWLEDGES  THAT  THE  SERVICES  ARE  NOT   A  TELEPHONY  SERVICE  AND  THAT  THE  SERVICES  ARE  NOT  CAPABLE  OF   PLACING  OR  RECEIVING  ANY  CALLS,  INCLUDING  EMERGENCY  SERVICES   CALLS,  OVER  PUBLICLY  SWITCHED  TELEPHONE  NETWORKS.     ®  
    •    The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons    Google  Apps  Examples:    “Limita,on  on  Indirect  Liability.  NEITHER  PARTY  WILL  BE  LIABLE  UNDER  THIS     AGREEMENT  FOR  LOST  REVENUES  OR  INDIRECT,  SPECIAL,  INCIDENTAL,   CONSEQUENTIAL,  EXEMPLARY,  OR  PUNITIVE  DAMAGES,  EVEN  IF  THE  PARTY   KNEW  OR  SHOULD  HAVE  KNOWN  THAT  SUCH  DAMAGES  WERE  POSSIBLE  AND   EVEN  IF  DIRECT  DAMAGES  DO  NOT  SATISFY  A  REMEDY.”      “Limita,on  on  Amount  of  Liability.  NEITHER  PARTY  MAY  BE  HELD  LIABLE   UNDER  THIS  AGREEMENT  FOR  MORE  THAN  THE  AMOUNT  PAID  BY   CUSTOMER  TO  GOOGLE  DURING  THE  TWELVE  MONTHS  PRIOR  TO  THE  EVENT   GIVING  RISE  TO  LIABILITY.    “Governing  Law.  This  Agreement  is  governed  by  California  law,  excluding  that   state’s  choice  of  law  rules.  FOR  ANY  DISPUTE  RELATING  TO  THIS  AGREEMENT,   THE  PARTIES  CONSENT  TO  PERSONAL  JURISDICTION  IN,  AND  THE  EXCLUSIVE   VENUE  OF,  THE  COURTS  IN  SANTA  CLARA  COUNTY,  CALIFORNIA.  “   ®  
    • The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     MUST  take  CSP  operaBonal  model  into  consideraBon  to   address  specific  points  of  impact  and  allocate  risk  –  KNOW   the  3P  providers     REVIEW  service  levels/credits  with  a  wary  eye  –  may  NOT  be   enough  to  cover  for  impact  of  downBme  on  business     MUST  address  data  export  capabiliBes  and  ensure   compaBbility  with  business  conBnuity  and  DR  plan     NEGOTIATE…NEGOTIATE…NEGOTIATE!   ®  
    • Weather  Brewing  on  the  Horizon:   Intellectual  Property    Intellectual  property  rights  and  the  “cloud”  more   difficult  to  address:   •  No  tradiBonal  license  model   •  “Legacy”  systems/soQware  –  connecBvity  to  the   “cloud”  may  not  be  consistent  with  exisBng  licenses   •  Possible  fixaBon  issues  due  to  distributed  architecture    Evolving  technology  means  the  law  is  desperately   trying  to  catch-­‐up    Trade  secrets  issues  –  inconsistent  with  cloud  model?   ®  
    • Weather  Brewing  on  the  Horizon:   Intellectual  Property    Copyright   •  Remote  storage  DVR  system  held  not  to  be  a  violaBon  of   U.S.  copyright  law  (See  Cartoon  Network  LP,  LLLP  v.  CSC   Holdings,  Inc.,  536  F.3d  121  (2nd  Cir.  2008),  cert.  den’d  129   S.Ct.  2890  (2009))   •  Aereo  (retransmission  of  over-­‐the-­‐air  broadcasts  to  mobile   devices)   •  Digital  Entertainment  Content  Ecosystem  (DECE)  –  a.k.a.   “Ultraviolet”  -­‐    purchase  content  once,  then  view  in  many   formats  and  on  many  devices  from  cloud-­‐based  account   ®  
    • Weather  Brewing  on  the  Horizon:   Intellectual  Property            Trade  Secrets  –  protecBons  may  be  more  limited!   Trade  secret  informaBon  stored  in  the  cloud  may  be  subject  to  loopholes   that  permit  unauthorized  third-­‐party  disclosure.  See  Sherman  &  Co.  v.   Salton  Maxim  Housewares,  Inc.,  94  F.Supp.2d  817  (E.D.  Mich.  2000)   (holding  that  the  Stored  CommunicaBons  Act  only  prohibits  the   disclosure  of  stored  communicaBons  where  the  disclosing  party  provides   an  “electronic  communicaBon  service”,  and  a  person  who  does  not   provide  such  a  service  "can  disclose  or  use  with  impunity  the  contents  of   an  electronic  communicaBon  unlawfully  obtained  from  storage."  (citaBon   omiKed)).   ®  
    • Weather  Brewing  on  the  Horizon:   Intellectual  Property     MUST  determine  how  IP  “creators”  in  organizaBon   would  be  using  CSP  services  and  where  stored     REVIEW  any  legacy  system  Be-­‐in  to  cloud  for  license   compliance     RETHINK  placing  trade  secret  informaBon  within  the   cloud  –  law  is  evolving  here   ®  
    • Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon    Discovery  of  electronically  stored  informaBon  (“ESI”)   drama-cally  more  difficult  in  the  cloud   •  Data  preservaBon/integrity  hard  to  manage   •  Data  may  be  housed  in  mul-ple  countries   •  CSPs  may  use  3P  providers      JurisdicBonal  issues   •  Enforceability  –  mulBple  countries  vs.  governing  law   •  Country  where  data  is  resident  in  computer  facility  –   governmental  access?   ®  
    • Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon     PreservaBon  is  KEY   •  Unlike  outsourced  soluBons,  users  may  not  know  what   infrastructure  they  are  using  or  the  physical  locaBon  of   data   •  CSP  may  be  able  to  retrieve  the  data,  but  NOT  know  where   your  data  is  for  the  purpose  of  a  liBgaBon  hold   •  CSP  may  use  third-­‐party  service  providers  for  elements  of   services  provided  to  the  user,  exacerbaBng  the  issue     Courts  may  NOT  disBnguish  servers  in  the  “cloud”   from  ones  in  direct  possession   ®  
    • Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon     SpoliaBon   •  Cloud  infrastructure  increases  spoliaBon  risk   •  Where  CSPs  use  3P  providers  –  greater  danger     Data  Integrity   •  Data  at  rest  –  MUST  be  free  from  corrupBon   •  How  to  ensure  NO  CHANGE  to  data  upon  hold?     Standard  CSP  agreements  do  NOT  account  for   possibility  of  ESI  preservaBon  by  default   ®  
    • Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon    MUST  account  for  specific  CSP  model  and  viability  of   the  CSP  regarding  ability  to  comply  with  e-­‐discovery   and  liBgaBon  holds    DEMAND  accountability  for  handling  of  ESI   •  General  “cooperaBon”  clause   •  Acknowledge  compliance  with  liBgaBon  holds    STRONGLY  CONSIDER  a  separate  agreement   ®  
    • Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    Law  firm  use  of  CSPs  for  their  IT  needs  growing    ConsideraBons  are  more  delicate  for  law  firms  due  to   client  confidenBality  obligaBons,  privilege,  etc.    BoKom  line:  it  is  available,  but  is  it  ethical?   ®  
    • Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    Answer:    IT  DEPENDS    17  states  so  far:  Use  of  CSPs  for  storage  of  client  files  so  long   as  a  reasonable  standard  of  care  is  exercised,  BUT  differences:    Alabama,  Arizona,  California,  ConnecBcut,  Florida,  Iowa,  Maine,   MassachuseKs,  New  Hampshire,  New  Jersey,  Nevada,  New  York,  North   Carolina,  Oregon,  Pennsylvania,  Vermont  &  Virginia    BoKom  Line:        Use  DILIGENCE  and  COMPETENCE  exercising  reasonable  care    MUST  have  a  BASIC  understanding  of  the  technologies  used    Have  an  OBLIGATION  to  remain  current  on  the  technologies   ®  
    • Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    What  is  considered  a  “reasonable  standard  of  care”?     •  MUST  be  knowledgeable  about  CSP  handling  of  data     •  MUST  contract  with  CSP  to  preserve  confidenBality/security  of  data    Transposing  the  “reasonableness”  standard  from  “brick  &   mortar”  to  the  “cloud”  not  as  easy  as  you  may  think:   •  •  •  •  •  Security  –  client  confidenBality  requires  strong  contractual  protecBons   Backups  –  MUST  think  about  IaaS  infrastructure   Data  access  –  SLA  service  credit  should  NOT  be  sole  remedy   Portability  –  Transfer  of  data  in  event  of  terminaBon  crucial   Bankruptcy  of  CSP  –  how  to  account  for  possibility?   ®  
    • Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    USE  COMMON  SENSE   •  Understand  how  the  CSP  will  handle  the  data   •  Don’t  be  afraid  to  ask  quesBons  –  arguably  have  a  duty  TO   ask  them!   •  Security  should  cover  both  soQware  capabiliBes  AND   physical  faciliBes    BoKom  Line:  LET’S  BE  CAREFUL  OUT  THERE!…   ®  
    • “Partly Sunny with a Chance of Rain”: Forecasting the Legal Issues in Cloud Computing   Q  &  A                                          Email:  tom.kulik@solidcounsel.com            LinkedIn:  hKp://www.linkedin.com/in/tkulik            TwiKer:  @LegaIntangibls            Google+:  hKp://gplus.to/TomKulik              Blog:  hKp://www.legalintangibles.com   ®