SlideShare a Scribd company logo

Cloud Computing: What You Don't Know Can Hurt You

Patrick Fowler
Patrick Fowler

An introduction to some of the legal issues surrounding cloud computing

Technology
1 of 35
Download to read offline
Patrick X. Fowler, Esq. Snell & Wilmer LLP Phoenix, Arizona 602.382.6213 | pfowler@swlaw.com Cloud Computing: What You Don’t Know Can Hurt You © 2012 Snell & Wilmer L.L.P 1
Today’s Topics • What is cloud computing? • Common cloud computing applications • How does it work? • Cloud computing concerns ◦ Data Ownership and Access ◦ Data Location and Security ◦ Data Privacy in the US and EU © 2012 Snell & Wilmer L.L.P 2
What is Cloud Computing? • Using the internet… • to access remotely-located computer servers… • for scalable, on-demand software applications, computing power and data storage… • that you might pay a fee for, but don’t own. © 2012 Snell & Wilmer L.L.P 3
Common Cloud Applications • Webmail – Gmail, Hotmail, AOL • Productivity – Microsoft Office 365, GoogleDocs • Data Sharing – Dropbox, GoToMeeting • Data Storage – iCloud, Amazon, Carbonite • Social Media – Facebook, LinkedIn, YouTube • Retailing – Amazon, Apple, eBay • Banking – Chase, Bank of America • Government – www.apps.gov © 2012 Snell & Wilmer L.L.P 4
Most Common Use of the Cloud? • Social Networking – By Far © 2012 Snell & Wilmer L.L.P 5
“Official” Government Definition National Institute of Standards and Technology Responsible for developing standards and guidelines for providing information security for all federal gov’t agencies and assets. NIST Special Publication 800- 145 (September 2011) © 2012 Snell & Wilmer L.L.P 6
Why Are We Moving to the Cloud? • It’s much cheaper to rent than to own. ◦ Outsourcing to the cloud reduces corporate data storage costs by 80%, and requires a smaller IT staff • It’s more flexible/scalable/elastic. ◦ Quickly expand and contract storage and computing needs, based on demand. ◦ Faster access to improved technology. • It’s more secure – in some respects. ◦ Remote, redundant data back-ups in case of disaster © 2012 Snell & Wilmer L.L.P 7
How Does Cloud Computing Work? • Major cloud providers: ◦ Amazon ◦ Google ◦ Microsoft ◦ Apple • Major cloud providers have multiple, distant data centers (i.e. server farms) where data is redundantly stored/processed. © 2012 Snell & Wilmer L.L.P 8
Cloud Data Center Locations • Amazon: ◦ North America (CA, OR) ◦ EU (Ireland) ◦ Asia (Singapore, Tokyo) ◦ South America (Brazil) ◦ Future: Buried in Siberian permafrost? • Google: ◦ USA (SC, NC, GA, OK, IA, OR) ◦ Finland, Belgium ◦ Hong Kong, Singapore, Taiwan ◦ Future: Cargo ships powered & cooled by the sea? © 2012 Snell & Wilmer L.L.P 9
How is Data Stored in the Cloud? Per Google’s web site: • Data is not stored on a single machine or set of machines; data from all Google customers is distributed amongst a shared infrastructure composed of many computers located across Google’s many data centers. • Data is chunked and replicated over multiple systems so that no one system is a single point of failure. Data chunks are given random file names and they’re not stored in clear text, so they’re not humanly readable. Source: http://www.google.com/about/datacenters/inside/data-security.html# © 2012 Snell & Wilmer L.L.P 10
Cloud Computing Concerns • Data Ownership & Access • Data Location and Security • Data Privacy • What Law Governs? • E-Discovery Obligations If possible, your contract with the cloud provider should address these issues. © 2012 Snell & Wilmer L.L.P 11
Data Ownership & Access © 2012 Snell & Wilmer L.L.P 12
Cloud Data Ownership & Access • Who owns the data once it has been uploaded? ◦ Short Answer: Should not be the cloud provider! • Who owns the servers where the data is stored? ◦ Is it the party with whom you contracted? A third party? How many links in the contract chain? • How often will the data be accessible? ◦ Industry custom is 99.99% of the time. • What happens if access is interrupted? ◦ Are fee credits provided? © 2012 Snell & Wilmer L.L.P 13
Cloud Data Ownership & Access • If you terminate the agreement with the cloud provider, what happens to your data? ◦ How long will your data remain on the cloud servers? ◦ Is it then deleted from the cloud provider’s servers? - Important when dealing with customer data, credit card information, HIPAA data, etc. • What if the cloud provider goes bankrupt or is shut down by a government? ◦ Example: MegaUpload seized by DOJ in January ’12 • E-discovery obligations? © 2012 Snell & Wilmer L.L.P 14
Data Storage Location & Security © 2012 Snell & Wilmer L.L.P 15
Data Storage Location & Security • In what countries are the cloud data centers located that will store your data? ◦ Evaluate the data privacy laws where the data centers are located. ◦ Consider potential jurisdictional and choice of law issues. • Is the data required to be maintained within a certain country? ◦ E.g., Government records, national defense materials. © 2012 Snell & Wilmer L.L.P 16
Data Storage Location & Security • What physical and digital security standards does the cloud provider adhere to? Will it tell you? • How do they compare to the security procedures used by Amazon, Google and Microsoft? • Do outside auditors certify the proper storage and use of data by the cloud provider? © 2012 Snell & Wilmer L.L.P 17
Data Storage Location & Security • Physical security measures: ◦ Non-descript facilities, restricted physical access, video surveillance, biometric clearance; ◦ Fire detection and suppression, uninterrupted power supply, climate and temperature control; ◦ Redundant data storage in different locations; ◦ A business continuity and disaster recovery plan to ensure service is maintained & to recover any data loss. © 2012 Snell & Wilmer L.L.P 18
Data Storage Location & Security • Digital security measures: ◦ Is your data securely stored when “at rest” and securely moved between locations? ◦ Does the cloud provider have rights to access your data? If so, why? ◦ Is your data stored in aggregate with other customers? If so, how good is the disaggregation? ◦ How does the cloud provider decommission old storage devices that once held your data? © 2012 Snell & Wilmer L.L.P 19
Data Storage Location & Security • What if your data is corrupted, lost or stolen? ◦ Caveat emptor. Let the buyer beware. ◦ Terms of service typically disclaim all warranties and exclude liability for any damages. • Example: ◦ “WE AND OUR AFFILIATES OR LICENSORS WILL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE OR DATA), EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES….” © 2012 Snell & Wilmer L.L.P 20
Choose your cloud provider wisely! • If you have little or no leverage in negotiating terms with the cloud provider… ◦ Is the cloud provider reputable & reliable? - How transparent is the cloud provider willing to be? - Quality vs. price – you probably get what you pay for. - Is the cost savings worth the risk of data loss/interruption? ◦ What contingency plan do you have if the service fails? - Separate, independent digital back-up? - Hard copy back-up? ◦ What remedies, if any, do you have against the cloud provider if there is data loss or service failure? © 2012 Snell & Wilmer L.L.P 21
Data Privacy © 2012 Snell & Wilmer L.L.P 22
Data Privacy Issues • Data in the cloud is subject to different protections than information stored in-house; ◦ Data in the cloud = held by a third-party • Currently: there is a patchwork of Federal and State data privacy laws; • US and EU data privacy rules significantly differ; ◦ EU has more protections and regulations • US and EU have recently proposed expanded data privacy regulations. © 2012 Snell & Wilmer L.L.P 23
Data Privacy Issues • Existing laws can compel disclosure of cloud data to the government. ◦ Electronic Communications Privacy Act (ECPA) ◦ Stored Communications Act (SCA) ◦ USA Patriot Act - National Security Letters - Foreign Intelligence Surveillance Act (FISA) Warrants ◦ Warrants and subpoenas generally © 2012 Snell & Wilmer L.L.P 24
Data Privacy Issues • Current rules imposing data security and/or breach notification obligations, including: ◦ Sarbanes-Oxley ◦ Family Educational Rights and Privacy Act (FERPA) ◦ Health Insurance Portability & Accountability Act (HIPAA) ◦ Health Information Technology for Economic and Clincal Health (HITECH) Act ◦ Gramm-Leach-Biley Act (GLBA) ◦ FTC Act, Section 5 (for companies that store customer information on the cloud) ◦ State Laws and Regulations © 2012 Snell & Wilmer L.L.P 25
Data Privacy: New Regulations? • Significantly expanded data privacy regulation schemes proposed in early 2012: ◦ White House: Consumer Privacy Bill of Rights ◦ EU: New General Data Protection Regulations © 2012 Snell & Wilmer L.L.P 26
Data Privacy: New Regulations? White House Proposal – Feb. 2012 On-line Consumer Privacy Bill of Rights Enforceable Codes of Conduct Expanded FTC Role Re Data Privacy Rights Enforcement Increased “Global Interoperability” re various consumer data privacy regs © 2012 Snell & Wilmer L.L.P 27
Proposed “Consumer Privacy Bill of Rights” • Intended goals are: ◦ Preserve online consumer trust in the internet economy, ◦ While providing Internet companies with the regulatory certainty needed to permit innovation in on-line commerce. • Available on-line: ◦ http://www.whitehouse.gov/sites/default/files/privacy-final.pdf © 2012 Snell & Wilmer L.L.P 28
Proposed “Consumer Privacy Bill of Rights” • Individual Control by consumers of the data collected by companies and how those companies use such data; • Transparency regarding privacy and security practices; • Respect for Context to ensure that companies use data consistently with the context in which the consumer provides the data; • Security in handling personal data; © 2012 Snell & Wilmer L.L.P 29
Proposed “Consumer Privacy Bill of Rights” • Access and Accuracy including the right of consumers to access and correct personal data; • Focused Collection through reasonable limits on collection and retention by companies of personal data; and • Accountability to ensure that companies handling data adhere to the Consumer Privacy Bill of Rights. © 2012 Snell & Wilmer L.L.P 30
Proposed “Consumer Privacy Bill of Rights” • The White House proposes voluntary adoption of a binding code of conduct incorporating the privacy principles in the bill of rights…thus making it enforceable under Section 5 of the FTC Act. • Alternatively, the White House proposes that Congress pass a law incorporating the privacy bill of rights. • Unlikely that Congress will pass legislation this year. © 2012 Snell & Wilmer L.L.P 31
Proposed EU Data Protection Regulations Proposed January 25, 2012 Significant expansion of current EU data privacy scheme Data privacy already a fundamental right, per the EU Constitution Potential implications beyond EU borders © 2012 Snell & Wilmer L.L.P 32
Proposed EU Data Protection Regulations • Would apply to almost all data collection and processing activities regarding EU “data subjects” ◦ Would cover controllers and processors located in the EU ◦ Would also cover controllers and processers located outside of the EU if they offer goods or services to data subjects in the EU or monitor their behavior • Increased protections must be assured before consumer data may be moved outside the EU © 2012 Snell & Wilmer L.L.P 33
Proposed EU Data Protection Regulations • Provides increased consumer control of data ◦ With few exceptions, data subjects must give “informed consent” (generally through an “opt-in” process) before their personal data may be processed; • Internet users would have “The Right to be Forgotten” ◦ Data subject would be entitled to have personal data erased, even if the data has been made public! • Available on-line: http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf © 2012 Snell & Wilmer L.L.P 34
Thank you Patrick X. Fowler, Esq. Snell & Wilmer LLP Phoenix, Arizona 602.382.6213 | pfowler@swlaw.com © 2012 Snell & Wilmer L.L.P 35

Recommended

Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3J. David Morris
 
Iowa Weighs in on Ethics of Cloud Computing for Lawyers
Iowa Weighs in on Ethics of Cloud Computing for LawyersIowa Weighs in on Ethics of Cloud Computing for Lawyers
Iowa Weighs in on Ethics of Cloud Computing for LawyersNicole Black
 
2 7-2013-big data and e-discovery
2 7-2013-big data and e-discovery2 7-2013-big data and e-discovery
2 7-2013-big data and e-discoveryExterro
 
Trends in Law Practice Management – Calculating the Risks
Trends in Law Practice Management – Calculating the RisksTrends in Law Practice Management – Calculating the Risks
Trends in Law Practice Management – Calculating the RisksNicole Garton
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdprExponential_e
 
Big Data & Privacy
Big Data & PrivacyBig Data & Privacy
Big Data & PrivacyAbzetdin Adamov
 
12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slidesExponential_e
 
The REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyThe REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyClaudiu Popa
 

Recommended

Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3J. David Morris
 
Iowa Weighs in on Ethics of Cloud Computing for Lawyers
Iowa Weighs in on Ethics of Cloud Computing for LawyersIowa Weighs in on Ethics of Cloud Computing for Lawyers
Iowa Weighs in on Ethics of Cloud Computing for LawyersNicole Black
 
2 7-2013-big data and e-discovery
2 7-2013-big data and e-discovery2 7-2013-big data and e-discovery
2 7-2013-big data and e-discoveryExterro
 
Trends in Law Practice Management – Calculating the Risks
Trends in Law Practice Management – Calculating the RisksTrends in Law Practice Management – Calculating the Risks
Trends in Law Practice Management – Calculating the RisksNicole Garton
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdprExponential_e
 
Big Data & Privacy
Big Data & PrivacyBig Data & Privacy
Big Data & PrivacyAbzetdin Adamov
 
12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slidesExponential_e
 
The REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyThe REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyClaudiu Popa
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Designbradley_g
 
Privacy and Big Data Overload!
Privacy and Big Data Overload!Privacy and Big Data Overload!
Privacy and Big Data Overload!SparkPost
 
Ethics of Big Data
Ethics of Big DataEthics of Big Data
Ethics of Big DataMatti Vesala
 
Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect stormUlf Mattsson
 
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Praveenkumar Hosangadi
 
Privacy in the Age of Big Data
Privacy in the Age of Big DataPrivacy in the Age of Big Data
Privacy in the Age of Big DataArab Federation for Digital Economy
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014kevintsmith
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis
 
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceEmbedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceCILIPScotland
 
Introduction by ann cavoukian
Introduction by ann cavoukianIntroduction by ann cavoukian
Introduction by ann cavoukianMaRS Discovery District
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
 
Identity, Security and Healthcare
Identity, Security and HealthcareIdentity, Security and Healthcare
Identity, Security and HealthcareNetIQ
 
Cloud security and cloud adoption public
Cloud security and cloud adoption publicCloud security and cloud adoption public
Cloud security and cloud adoption publicJohn Mathon
 
Blockchain - Hype or Reality
Blockchain - Hype or RealityBlockchain - Hype or Reality
Blockchain - Hype or Realitysnewell4
 
Big Data and High Performance Computing
Big Data and High Performance ComputingBig Data and High Performance Computing
Big Data and High Performance ComputingAbzetdin Adamov
 
"We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec..."We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec...Jisc
 
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Dr. Ann Cavoukian
 
Egress Switch Introduction
Egress Switch IntroductionEgress Switch Introduction
Egress Switch Introductionyonifine
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsResilient Systems
 
Getting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensicsGetting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensicsDruva
 
Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarUnderstanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarCipherCloud
 
Cloud Computing and the Public Sector
Cloud Computing and the Public SectorCloud Computing and the Public Sector
Cloud Computing and the Public SectorMHCCloud
 

More Related Content

What's hot

Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Designbradley_g
 
Privacy and Big Data Overload!
Privacy and Big Data Overload!Privacy and Big Data Overload!
Privacy and Big Data Overload!SparkPost
 
Ethics of Big Data
Ethics of Big DataEthics of Big Data
Ethics of Big DataMatti Vesala
 
Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect stormUlf Mattsson
 
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Praveenkumar Hosangadi
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014kevintsmith
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis
 
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceEmbedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceCILIPScotland
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
 
Identity, Security and Healthcare
Identity, Security and HealthcareIdentity, Security and Healthcare
Identity, Security and HealthcareNetIQ
 
Cloud security and cloud adoption public
Cloud security and cloud adoption publicCloud security and cloud adoption public
Cloud security and cloud adoption publicJohn Mathon
 
Blockchain - Hype or Reality
Blockchain - Hype or RealityBlockchain - Hype or Reality
Blockchain - Hype or Realitysnewell4
 
Big Data and High Performance Computing
Big Data and High Performance ComputingBig Data and High Performance Computing
Big Data and High Performance ComputingAbzetdin Adamov
 
"We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec..."We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec...Jisc
 
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Dr. Ann Cavoukian
 
Egress Switch Introduction
Egress Switch IntroductionEgress Switch Introduction
Egress Switch Introductionyonifine
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsResilient Systems
 
Getting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensicsGetting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensicsDruva
 

What's hot (20)

Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
 
Privacy and Big Data Overload!
Privacy and Big Data Overload!Privacy and Big Data Overload!
Privacy and Big Data Overload!
 
Ethics of Big Data
Ethics of Big DataEthics of Big Data
Ethics of Big Data
 
Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect storm
 
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
 
Privacy in the Age of Big Data
Privacy in the Age of Big DataPrivacy in the Age of Big Data
Privacy in the Age of Big Data
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
 
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceEmbedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library Service
 
Introduction by ann cavoukian
Introduction by ann cavoukianIntroduction by ann cavoukian
Introduction by ann cavoukian
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
 
Identity, Security and Healthcare
Identity, Security and HealthcareIdentity, Security and Healthcare
Identity, Security and Healthcare
 
Cloud security and cloud adoption public
Cloud security and cloud adoption publicCloud security and cloud adoption public
Cloud security and cloud adoption public
 
Blockchain - Hype or Reality
Blockchain - Hype or RealityBlockchain - Hype or Reality
Blockchain - Hype or Reality
 
Big Data and High Performance Computing
Big Data and High Performance ComputingBig Data and High Performance Computing
Big Data and High Performance Computing
 
"We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec..."We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec...
 
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015
 
Egress Switch Introduction
Egress Switch IntroductionEgress Switch Introduction
Egress Switch Introduction
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data Incidents
 
Getting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensicsGetting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensics
 

Similar to Cloud Computing: What You Don't Know Can Hurt You

Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarUnderstanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarCipherCloud
 
Cloud Computing and the Public Sector
Cloud Computing and the Public SectorCloud Computing and the Public Sector
Cloud Computing and the Public SectorMHCCloud
 
Data sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profitsData sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profitsrgtechnologies
 
MPMA 2013 - Leveraging the Cloud for Museum Collections
MPMA 2013 - Leveraging the Cloud for Museum CollectionsMPMA 2013 - Leveraging the Cloud for Museum Collections
MPMA 2013 - Leveraging the Cloud for Museum CollectionsKacy Clarke
 
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Bianca Mueller, LL.M.
 
Frukostseminarium om molntjänster
Frukostseminarium om molntjänsterFrukostseminarium om molntjänster
Frukostseminarium om molntjänsterTranscendent Group
 
Clouds and Chains
Clouds and ChainsClouds and Chains
Clouds and ChainsTim Swanson
 
Legal ethics & cloud computing
Legal ethics & cloud computingLegal ethics & cloud computing
Legal ethics & cloud computingPatrick Fowler
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyWilmerHale
 
Privacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 PredictionsPrivacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 PredictionsResilient Systems
 
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...Executive Leaders Network
 
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data GraveyardsTrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data GraveyardsTrustArc
 
Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2dbarton944
 
ACS cloud discussion paper
ACS cloud discussion paperACS cloud discussion paper
ACS cloud discussion paperRoland Padilla
 
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD WorldThe Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD Worldmkeane
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsUlf Mattsson
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Brian K. Dickard
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 

Similar to Cloud Computing: What You Don't Know Can Hurt You (20)

Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarUnderstanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: Webinar
 
Cloud Computing and the Public Sector
Cloud Computing and the Public SectorCloud Computing and the Public Sector
Cloud Computing and the Public Sector
 
Data sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profitsData sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profits
 
MPMA 2013 - Leveraging the Cloud for Museum Collections
MPMA 2013 - Leveraging the Cloud for Museum CollectionsMPMA 2013 - Leveraging the Cloud for Museum Collections
MPMA 2013 - Leveraging the Cloud for Museum Collections
 
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data?
 
Frukostseminarium om molntjänster
Frukostseminarium om molntjänsterFrukostseminarium om molntjänster
Frukostseminarium om molntjänster
 
Clouds and Chains
Clouds and ChainsClouds and Chains
Clouds and Chains
 
Legal ethics & cloud computing
Legal ethics & cloud computingLegal ethics & cloud computing
Legal ethics & cloud computing
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data Privacy
 
Privacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 PredictionsPrivacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 Predictions
 
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
 
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data GraveyardsTrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data Graveyards
 
Onehub 101
Onehub 101Onehub 101
Onehub 101
 
Cloud security - Publication
Cloud security - Publication Cloud security - Publication
Cloud security - Publication
 
Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2
 
ACS cloud discussion paper
ACS cloud discussion paperACS cloud discussion paper
ACS cloud discussion paper
 
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD WorldThe Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD World
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 

Recently uploaded

Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 

Recently uploaded (20)

Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 

Cloud Computing: What You Don't Know Can Hurt You

  • 1. Patrick X. Fowler, Esq. Snell & Wilmer LLP Phoenix, Arizona 602.382.6213 | pfowler@swlaw.com Cloud Computing: What You Don’t Know Can Hurt You © 2012 Snell & Wilmer L.L.P 1
  • 2. Today’s Topics • What is cloud computing? • Common cloud computing applications • How does it work? • Cloud computing concerns ◦ Data Ownership and Access ◦ Data Location and Security ◦ Data Privacy in the US and EU © 2012 Snell & Wilmer L.L.P 2
  • 3. What is Cloud Computing? • Using the internet… • to access remotely-located computer servers… • for scalable, on-demand software applications, computing power and data storage… • that you might pay a fee for, but don’t own. © 2012 Snell & Wilmer L.L.P 3
  • 4. Common Cloud Applications • Webmail – Gmail, Hotmail, AOL • Productivity – Microsoft Office 365, GoogleDocs • Data Sharing – Dropbox, GoToMeeting • Data Storage – iCloud, Amazon, Carbonite • Social Media – Facebook, LinkedIn, YouTube • Retailing – Amazon, Apple, eBay • Banking – Chase, Bank of America • Government – www.apps.gov © 2012 Snell & Wilmer L.L.P 4
  • 5. Most Common Use of the Cloud? • Social Networking – By Far © 2012 Snell & Wilmer L.L.P 5
  • 6. “Official” Government Definition National Institute of Standards and Technology Responsible for developing standards and guidelines for providing information security for all federal gov’t agencies and assets. NIST Special Publication 800- 145 (September 2011) © 2012 Snell & Wilmer L.L.P 6
  • 7. Why Are We Moving to the Cloud? • It’s much cheaper to rent than to own. ◦ Outsourcing to the cloud reduces corporate data storage costs by 80%, and requires a smaller IT staff • It’s more flexible/scalable/elastic. ◦ Quickly expand and contract storage and computing needs, based on demand. ◦ Faster access to improved technology. • It’s more secure – in some respects. ◦ Remote, redundant data back-ups in case of disaster © 2012 Snell & Wilmer L.L.P 7
  • 8. How Does Cloud Computing Work? • Major cloud providers: ◦ Amazon ◦ Google ◦ Microsoft ◦ Apple • Major cloud providers have multiple, distant data centers (i.e. server farms) where data is redundantly stored/processed. © 2012 Snell & Wilmer L.L.P 8
  • 9. Cloud Data Center Locations • Amazon: ◦ North America (CA, OR) ◦ EU (Ireland) ◦ Asia (Singapore, Tokyo) ◦ South America (Brazil) ◦ Future: Buried in Siberian permafrost? • Google: ◦ USA (SC, NC, GA, OK, IA, OR) ◦ Finland, Belgium ◦ Hong Kong, Singapore, Taiwan ◦ Future: Cargo ships powered & cooled by the sea? © 2012 Snell & Wilmer L.L.P 9
  • 10. How is Data Stored in the Cloud? Per Google’s web site: • Data is not stored on a single machine or set of machines; data from all Google customers is distributed amongst a shared infrastructure composed of many computers located across Google’s many data centers. • Data is chunked and replicated over multiple systems so that no one system is a single point of failure. Data chunks are given random file names and they’re not stored in clear text, so they’re not humanly readable. Source: http://www.google.com/about/datacenters/inside/data-security.html# © 2012 Snell & Wilmer L.L.P 10
  • 11. Cloud Computing Concerns • Data Ownership & Access • Data Location and Security • Data Privacy • What Law Governs? • E-Discovery Obligations If possible, your contract with the cloud provider should address these issues. © 2012 Snell & Wilmer L.L.P 11
  • 12. Data Ownership & Access © 2012 Snell & Wilmer L.L.P 12
  • 13. Cloud Data Ownership & Access • Who owns the data once it has been uploaded? ◦ Short Answer: Should not be the cloud provider! • Who owns the servers where the data is stored? ◦ Is it the party with whom you contracted? A third party? How many links in the contract chain? • How often will the data be accessible? ◦ Industry custom is 99.99% of the time. • What happens if access is interrupted? ◦ Are fee credits provided? © 2012 Snell & Wilmer L.L.P 13
  • 14. Cloud Data Ownership & Access • If you terminate the agreement with the cloud provider, what happens to your data? ◦ How long will your data remain on the cloud servers? ◦ Is it then deleted from the cloud provider’s servers? - Important when dealing with customer data, credit card information, HIPAA data, etc. • What if the cloud provider goes bankrupt or is shut down by a government? ◦ Example: MegaUpload seized by DOJ in January ’12 • E-discovery obligations? © 2012 Snell & Wilmer L.L.P 14
  • 15. Data Storage Location & Security © 2012 Snell & Wilmer L.L.P 15
  • 16. Data Storage Location & Security • In what countries are the cloud data centers located that will store your data? ◦ Evaluate the data privacy laws where the data centers are located. ◦ Consider potential jurisdictional and choice of law issues. • Is the data required to be maintained within a certain country? ◦ E.g., Government records, national defense materials. © 2012 Snell & Wilmer L.L.P 16
  • 17. Data Storage Location & Security • What physical and digital security standards does the cloud provider adhere to? Will it tell you? • How do they compare to the security procedures used by Amazon, Google and Microsoft? • Do outside auditors certify the proper storage and use of data by the cloud provider? © 2012 Snell & Wilmer L.L.P 17
  • 18. Data Storage Location & Security • Physical security measures: ◦ Non-descript facilities, restricted physical access, video surveillance, biometric clearance; ◦ Fire detection and suppression, uninterrupted power supply, climate and temperature control; ◦ Redundant data storage in different locations; ◦ A business continuity and disaster recovery plan to ensure service is maintained & to recover any data loss. © 2012 Snell & Wilmer L.L.P 18
  • 19. Data Storage Location & Security • Digital security measures: ◦ Is your data securely stored when “at rest” and securely moved between locations? ◦ Does the cloud provider have rights to access your data? If so, why? ◦ Is your data stored in aggregate with other customers? If so, how good is the disaggregation? ◦ How does the cloud provider decommission old storage devices that once held your data? © 2012 Snell & Wilmer L.L.P 19
  • 20. Data Storage Location & Security • What if your data is corrupted, lost or stolen? ◦ Caveat emptor. Let the buyer beware. ◦ Terms of service typically disclaim all warranties and exclude liability for any damages. • Example: ◦ “WE AND OUR AFFILIATES OR LICENSORS WILL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE OR DATA), EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES….” © 2012 Snell & Wilmer L.L.P 20
  • 21. Choose your cloud provider wisely! • If you have little or no leverage in negotiating terms with the cloud provider… ◦ Is the cloud provider reputable & reliable? - How transparent is the cloud provider willing to be? - Quality vs. price – you probably get what you pay for. - Is the cost savings worth the risk of data loss/interruption? ◦ What contingency plan do you have if the service fails? - Separate, independent digital back-up? - Hard copy back-up? ◦ What remedies, if any, do you have against the cloud provider if there is data loss or service failure? © 2012 Snell & Wilmer L.L.P 21
  • 22. Data Privacy © 2012 Snell & Wilmer L.L.P 22
  • 23. Data Privacy Issues • Data in the cloud is subject to different protections than information stored in-house; ◦ Data in the cloud = held by a third-party • Currently: there is a patchwork of Federal and State data privacy laws; • US and EU data privacy rules significantly differ; ◦ EU has more protections and regulations • US and EU have recently proposed expanded data privacy regulations. © 2012 Snell & Wilmer L.L.P 23
  • 24. Data Privacy Issues • Existing laws can compel disclosure of cloud data to the government. ◦ Electronic Communications Privacy Act (ECPA) ◦ Stored Communications Act (SCA) ◦ USA Patriot Act - National Security Letters - Foreign Intelligence Surveillance Act (FISA) Warrants ◦ Warrants and subpoenas generally © 2012 Snell & Wilmer L.L.P 24
  • 25. Data Privacy Issues • Current rules imposing data security and/or breach notification obligations, including: ◦ Sarbanes-Oxley ◦ Family Educational Rights and Privacy Act (FERPA) ◦ Health Insurance Portability & Accountability Act (HIPAA) ◦ Health Information Technology for Economic and Clincal Health (HITECH) Act ◦ Gramm-Leach-Biley Act (GLBA) ◦ FTC Act, Section 5 (for companies that store customer information on the cloud) ◦ State Laws and Regulations © 2012 Snell & Wilmer L.L.P 25
  • 26. Data Privacy: New Regulations? • Significantly expanded data privacy regulation schemes proposed in early 2012: ◦ White House: Consumer Privacy Bill of Rights ◦ EU: New General Data Protection Regulations © 2012 Snell & Wilmer L.L.P 26
  • 27. Data Privacy: New Regulations? White House Proposal – Feb. 2012 On-line Consumer Privacy Bill of Rights Enforceable Codes of Conduct Expanded FTC Role Re Data Privacy Rights Enforcement Increased “Global Interoperability” re various consumer data privacy regs © 2012 Snell & Wilmer L.L.P 27
  • 28. Proposed “Consumer Privacy Bill of Rights” • Intended goals are: ◦ Preserve online consumer trust in the internet economy, ◦ While providing Internet companies with the regulatory certainty needed to permit innovation in on-line commerce. • Available on-line: ◦ http://www.whitehouse.gov/sites/default/files/privacy-final.pdf © 2012 Snell & Wilmer L.L.P 28
  • 29. Proposed “Consumer Privacy Bill of Rights” • Individual Control by consumers of the data collected by companies and how those companies use such data; • Transparency regarding privacy and security practices; • Respect for Context to ensure that companies use data consistently with the context in which the consumer provides the data; • Security in handling personal data; © 2012 Snell & Wilmer L.L.P 29
  • 30. Proposed “Consumer Privacy Bill of Rights” • Access and Accuracy including the right of consumers to access and correct personal data; • Focused Collection through reasonable limits on collection and retention by companies of personal data; and • Accountability to ensure that companies handling data adhere to the Consumer Privacy Bill of Rights. © 2012 Snell & Wilmer L.L.P 30
  • 31. Proposed “Consumer Privacy Bill of Rights” • The White House proposes voluntary adoption of a binding code of conduct incorporating the privacy principles in the bill of rights…thus making it enforceable under Section 5 of the FTC Act. • Alternatively, the White House proposes that Congress pass a law incorporating the privacy bill of rights. • Unlikely that Congress will pass legislation this year. © 2012 Snell & Wilmer L.L.P 31
  • 32. Proposed EU Data Protection Regulations Proposed January 25, 2012 Significant expansion of current EU data privacy scheme Data privacy already a fundamental right, per the EU Constitution Potential implications beyond EU borders © 2012 Snell & Wilmer L.L.P 32
  • 33. Proposed EU Data Protection Regulations • Would apply to almost all data collection and processing activities regarding EU “data subjects” ◦ Would cover controllers and processors located in the EU ◦ Would also cover controllers and processers located outside of the EU if they offer goods or services to data subjects in the EU or monitor their behavior • Increased protections must be assured before consumer data may be moved outside the EU © 2012 Snell & Wilmer L.L.P 33
  • 34. Proposed EU Data Protection Regulations • Provides increased consumer control of data ◦ With few exceptions, data subjects must give “informed consent” (generally through an “opt-in” process) before their personal data may be processed; • Internet users would have “The Right to be Forgotten” ◦ Data subject would be entitled to have personal data erased, even if the data has been made public! • Available on-line: http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf © 2012 Snell & Wilmer L.L.P 34
  • 35. Thank you Patrick X. Fowler, Esq. Snell & Wilmer LLP Phoenix, Arizona 602.382.6213 | pfowler@swlaw.com © 2012 Snell & Wilmer L.L.P 35