Chicago . Frankfurt . London . Los Angeles . New York . Palo Alto . Shanghai . Washington DC . West Palm BeachData Securit...
Audience Poll• Do you have company trade secrets in  the Cloud?• Do you have contractual consent to use  U.S. health and f...
Data Security vs. Privacy• To identify and protect against  your risks, you need to  distinguish between company  data and...
Risk No. 1: Regulatory Requirements• Data security requirements  imposed by US regulations   – HIPPA, HITECH, GLB, SOX,   ...
Risk No. 2: Practical Data Hazards• Weak technical access  protection• Provider’s employees• Provider’s subcontractors• La...
Risk No. 3: Litigation Holds• Can you meet litigation  document hold requirements  if your data is in the Cloud?• Is metad...
Risk No. 4: Can You Use Available LegalOptions Under EEA Law?• Safe Harbor• Approved Clauses• Binding Corporate       6035...
Risk No. 5: Low Price Comes at a Cost• Generally, Utility Cloud  providers: – Rely on third party platforms   and software...
Risk No. 6. Do Tier 1 Providers Go FarEnough?• Offer Private Clouds, but  they may still fall short of  legal obligations•...
Risk No. 7: Is There Sufficient SoftwareChange Control?• If Provider changes software or  version, will your software stil...
Risk No. 8: Database Breaches• Who bears cost of: – Determining liability and exposure   under state law? – Providing stat...
Questions and Answers    William A. Tanenbaum        Chair, Technology, Intellectual        Property & Outsourcing Group  ...
William A. Tanenbaum wtanenbaum@kayescholer.com• William A. Tanenbaum is the international chair of both Kaye Scholer’s Te...
William A. Tanenbaum (cont’d)• Bill’s Information Technology Law practice has been recognized for over ten years by Best  ...
Chicago . Frankfurt . London . Los Angeles . New York . Palo Alto . Shanghai . Washington DC . West Palm Beach           C...
Upcoming SlideShare
Loading in …5
×

Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourcing Interests Group Conference

620
-1

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
620
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourcing Interests Group Conference

  1. 1. Chicago . Frankfurt . London . Los Angeles . New York . Palo Alto . Shanghai . Washington DC . West Palm BeachData Security and Privacy Risks inCloud Computing William A. Tanenbaum Chair, Technology, Intellectual Property & Outsourcing Group, and Chair, GreenTech and Sustainability Group Kaye Scholer LLP New York and Palo Alto Offices
  2. 2. Audience Poll• Do you have company trade secrets in the Cloud?• Do you have contractual consent to use U.S. health and financial personal data?• Do you have customer data from Europe in the Cloud?• Has a court ordered you to preserve litigation documents?• Will your Cloud provider pay for costs of database breaches? 60350343.PPTX
  3. 3. Data Security vs. Privacy• To identify and protect against your risks, you need to distinguish between company data and personally identifiable information (“PII”)• Unauthorized access vs. impermissible use60414334.PPTX
  4. 4. Risk No. 1: Regulatory Requirements• Data security requirements imposed by US regulations – HIPPA, HITECH, GLB, SOX, FTC Act § 5, FERPA, Massachusetts, other states• Raises audit issues• Also export control regulations60350343.PPTX
  5. 5. Risk No. 2: Practical Data Hazards• Weak technical access protection• Provider’s employees• Provider’s subcontractors• Lack of transparency• Lack of customer control60350343.PPTX
  6. 6. Risk No. 3: Litigation Holds• Can you meet litigation document hold requirements if your data is in the Cloud?• Is metadata a legal and practical solution?• Who pays tagging costs? 60350343.PPTX
  7. 7. Risk No. 4: Can You Use Available LegalOptions Under EEA Law?• Safe Harbor• Approved Clauses• Binding Corporate 60350343.PPTX
  8. 8. Risk No. 5: Low Price Comes at a Cost• Generally, Utility Cloud providers: – Rely on third party platforms and software – Use one-sided contracts – No ability to negotiate stronger protections – No service levels – Disclaim liability• Conclusion: may not meet customer’s legal obligations 60350343.PPTX
  9. 9. Risk No. 6. Do Tier 1 Providers Go FarEnough?• Offer Private Clouds, but they may still fall short of legal obligations• Offer more location specificity, but still may fall short• Pay extra for data security• At some point, tips into custom data center and hosting services, and becomes more ITO than Cloud60350343.PPTX
  10. 10. Risk No. 7: Is There Sufficient SoftwareChange Control?• If Provider changes software or version, will your software still work?• Can compromise on advance notice?• Caution: what do online terms and conditions allow?60350343.PPTX
  11. 11. Risk No. 8: Database Breaches• Who bears cost of: – Determining liability and exposure under state law? – Providing statutory notices? – Providing identity protection services? – Providing call centers and other customer-facing remediation? – Government investigations? – Infrastructure upgrades? 60350343.PPTX
  12. 12. Questions and Answers William A. Tanenbaum Chair, Technology, Intellectual Property & Outsourcing Group Chair, GreenTech and Sustainability Group Kaye Scholer LLP, New York and Palo Alto wtanenbaum@kayescholer.com 212-836-766160350343.PPTX
  13. 13. William A. Tanenbaum wtanenbaum@kayescholer.com• William A. Tanenbaum is the international chair of both Kaye Scholer’s Technology, Intellectual Property & Outsourcing Group and its GreenTech and Sustainability Group, and works in the firm’s New York and Palo Alto offices. Legal Researcher Chambers found that Bill:• “built one of New York City‟s most outstanding transactional IT practices,”• is an “internationally recognized intellectual property, technology and outsourcing lawyer,”• is a “well-respected attorney, with a well-informed approach [who] provides litigation, transaction work and strategic counseling on a range of technology and outsourcing-related issues,”• is “efficient, solution-driven and makes excellent judgment calls,”• is “a leading light” in outsourcing with “household names” in his client roster,• is “an acknowledged expert on the convergence of mainstream business with cleantech,” and that• “clients highlight his IP experience but „commend his command of the whole deal.‟”• The Legal 500 publication found that Bill is “an outstanding attorney with a deep knowledge and understanding of technology and outsourcing and a deeply principled and trustworthy colleague.” 60350343.PPTX
  14. 14. William A. Tanenbaum (cont’d)• Bill’s Information Technology Law practice has been recognized for over ten years by Best Lawyers and was ranked in the First Tier in New York in the 2010 Best Law Firms Survey by U.S. News and World Report. Because of the strength of his Group’s practice, Kaye Scholer was named as the “Internet & E-Commerce Law Firm of the Year” by The Lawyers World Law Awards 2011. He is a past President of the ITech Law Association and a graduate of Brown University (Phi Beta Kappa), Cornell Law School, and the Bob Bondurant School of High Performance Driving. Chambers recognized him as a “Leading Individual” and awarded him “Recommended” ratings in both “Technology and IT Outsourcing” and “Business Process Outsourcing,” and named him as a “Notable Practitioner” at the national level in Outsourcing. He was voted one of the World‟s Top 250 IP strategists (IAM client survey) and he was selected as one of the country‟s top 25 pre-eminent IT practitioners in the Best of the Best USA. He regularly advises clients on strategic intellectual property concerns, privacy, data security, data transfer, information life cycle management and competitive intelligence matters, in both transactional and litigation contexts. His the founder and co-chair of PLI’s annual legal Outsourcing Conference and the founder and chair of PLI’s annual GreenTech Law and Business Conference. He is listed in Who‟s Who in America, the International Who‟s Who of Business Lawyers, the Guide to the World‟s Leading Litigation Experts and the Guide to the World‟s Leading Patent Law Experts. He was the privacy and data protection columnist for the New York Law Journal, co-author of a book on privacy law and has been quoted in The Economist magazine as an expert on IP law. His articles have been used at Harvard and other law schools. 60350343.PPTX
  15. 15. Chicago . Frankfurt . London . Los Angeles . New York . Palo Alto . Shanghai . Washington DC . West Palm Beach Copyright ©2011 by Kaye Scholer LLP. All Rights Reserved. This publication is intended as a general guide only. It does not contain a general legal analysis or constitute an opinion of Kaye Scholer LLP or any member of the firm on legal issues described. It is recommended that readers not rely on this general guide in structuring individual transactions but that professional advice be sought in connection with individual transactions. References herein to “Kaye Scholer LLP & Affiliates,” “Kaye Scholer,” “Kaye Scholer LLP,” “the firm” and terms of similar import refer to Kaye Scholer LLP and its affiliates operating in various jurisdictions.

×