Your SlideShare is downloading. ×

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourcing Interests Group Conference


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Chicago . Frankfurt . London . Los Angeles . New York . Palo Alto . Shanghai . Washington DC . West Palm BeachData Security and Privacy Risks inCloud Computing William A. Tanenbaum Chair, Technology, Intellectual Property & Outsourcing Group, and Chair, GreenTech and Sustainability Group Kaye Scholer LLP New York and Palo Alto Offices
  • 2. Audience Poll• Do you have company trade secrets in the Cloud?• Do you have contractual consent to use U.S. health and financial personal data?• Do you have customer data from Europe in the Cloud?• Has a court ordered you to preserve litigation documents?• Will your Cloud provider pay for costs of database breaches? 60350343.PPTX
  • 3. Data Security vs. Privacy• To identify and protect against your risks, you need to distinguish between company data and personally identifiable information (“PII”)• Unauthorized access vs. impermissible use60414334.PPTX
  • 4. Risk No. 1: Regulatory Requirements• Data security requirements imposed by US regulations – HIPPA, HITECH, GLB, SOX, FTC Act § 5, FERPA, Massachusetts, other states• Raises audit issues• Also export control regulations60350343.PPTX
  • 5. Risk No. 2: Practical Data Hazards• Weak technical access protection• Provider’s employees• Provider’s subcontractors• Lack of transparency• Lack of customer control60350343.PPTX
  • 6. Risk No. 3: Litigation Holds• Can you meet litigation document hold requirements if your data is in the Cloud?• Is metadata a legal and practical solution?• Who pays tagging costs? 60350343.PPTX
  • 7. Risk No. 4: Can You Use Available LegalOptions Under EEA Law?• Safe Harbor• Approved Clauses• Binding Corporate 60350343.PPTX
  • 8. Risk No. 5: Low Price Comes at a Cost• Generally, Utility Cloud providers: – Rely on third party platforms and software – Use one-sided contracts – No ability to negotiate stronger protections – No service levels – Disclaim liability• Conclusion: may not meet customer’s legal obligations 60350343.PPTX
  • 9. Risk No. 6. Do Tier 1 Providers Go FarEnough?• Offer Private Clouds, but they may still fall short of legal obligations• Offer more location specificity, but still may fall short• Pay extra for data security• At some point, tips into custom data center and hosting services, and becomes more ITO than Cloud60350343.PPTX
  • 10. Risk No. 7: Is There Sufficient SoftwareChange Control?• If Provider changes software or version, will your software still work?• Can compromise on advance notice?• Caution: what do online terms and conditions allow?60350343.PPTX
  • 11. Risk No. 8: Database Breaches• Who bears cost of: – Determining liability and exposure under state law? – Providing statutory notices? – Providing identity protection services? – Providing call centers and other customer-facing remediation? – Government investigations? – Infrastructure upgrades? 60350343.PPTX
  • 12. Questions and Answers William A. Tanenbaum Chair, Technology, Intellectual Property & Outsourcing Group Chair, GreenTech and Sustainability Group Kaye Scholer LLP, New York and Palo Alto 212-836-766160350343.PPTX
  • 13. William A. Tanenbaum• William A. Tanenbaum is the international chair of both Kaye Scholer’s Technology, Intellectual Property & Outsourcing Group and its GreenTech and Sustainability Group, and works in the firm’s New York and Palo Alto offices. Legal Researcher Chambers found that Bill:• “built one of New York City‟s most outstanding transactional IT practices,”• is an “internationally recognized intellectual property, technology and outsourcing lawyer,”• is a “well-respected attorney, with a well-informed approach [who] provides litigation, transaction work and strategic counseling on a range of technology and outsourcing-related issues,”• is “efficient, solution-driven and makes excellent judgment calls,”• is “a leading light” in outsourcing with “household names” in his client roster,• is “an acknowledged expert on the convergence of mainstream business with cleantech,” and that• “clients highlight his IP experience but „commend his command of the whole deal.‟”• The Legal 500 publication found that Bill is “an outstanding attorney with a deep knowledge and understanding of technology and outsourcing and a deeply principled and trustworthy colleague.” 60350343.PPTX
  • 14. William A. Tanenbaum (cont’d)• Bill’s Information Technology Law practice has been recognized for over ten years by Best Lawyers and was ranked in the First Tier in New York in the 2010 Best Law Firms Survey by U.S. News and World Report. Because of the strength of his Group’s practice, Kaye Scholer was named as the “Internet & E-Commerce Law Firm of the Year” by The Lawyers World Law Awards 2011. He is a past President of the ITech Law Association and a graduate of Brown University (Phi Beta Kappa), Cornell Law School, and the Bob Bondurant School of High Performance Driving. Chambers recognized him as a “Leading Individual” and awarded him “Recommended” ratings in both “Technology and IT Outsourcing” and “Business Process Outsourcing,” and named him as a “Notable Practitioner” at the national level in Outsourcing. He was voted one of the World‟s Top 250 IP strategists (IAM client survey) and he was selected as one of the country‟s top 25 pre-eminent IT practitioners in the Best of the Best USA. He regularly advises clients on strategic intellectual property concerns, privacy, data security, data transfer, information life cycle management and competitive intelligence matters, in both transactional and litigation contexts. His the founder and co-chair of PLI’s annual legal Outsourcing Conference and the founder and chair of PLI’s annual GreenTech Law and Business Conference. He is listed in Who‟s Who in America, the International Who‟s Who of Business Lawyers, the Guide to the World‟s Leading Litigation Experts and the Guide to the World‟s Leading Patent Law Experts. He was the privacy and data protection columnist for the New York Law Journal, co-author of a book on privacy law and has been quoted in The Economist magazine as an expert on IP law. His articles have been used at Harvard and other law schools. 60350343.PPTX
  • 15. Chicago . Frankfurt . London . Los Angeles . New York . Palo Alto . Shanghai . Washington DC . West Palm Beach Copyright ©2011 by Kaye Scholer LLP. All Rights Reserved. This publication is intended as a general guide only. It does not contain a general legal analysis or constitute an opinion of Kaye Scholer LLP or any member of the firm on legal issues described. It is recommended that readers not rely on this general guide in structuring individual transactions but that professional advice be sought in connection with individual transactions. References herein to “Kaye Scholer LLP & Affiliates,” “Kaye Scholer,” “Kaye Scholer LLP,” “the firm” and terms of similar import refer to Kaye Scholer LLP and its affiliates operating in various jurisdictions.