SlideShare a Scribd company logo

Cloud Computing: What You Don't Know Can Hurt You

Patrick Fowler
Patrick Fowler

The document discusses cloud computing and related privacy and security concerns. It begins with an introduction to cloud computing, describing how it allows users to access remotely stored applications and data over the internet. It then covers common cloud applications, how cloud data is stored across multiple data centers, and some of the benefits of cloud computing like lower costs and scalability. However, it also discusses privacy and security issues regarding things like data ownership, access, location, and applicable laws. Specifically, it notes concerns around who owns the data, potential access interruptions, applicable laws and jurisdictions, and security of the physical infrastructure and digital data. Finally, it discusses proposed new regulations in the US and EU aimed at strengthening consumer privacy for cloud data.

Technology
1 of 35
Download to read offline
Patrick X. Fowler, Esq. Snell & Wilmer LLP Phoenix, Arizona 602.382.6213 | pfowler@swlaw.com Cloud Computing: What You Don’t Know Can Hurt You © 2012 Snell & Wilmer L.L.P 1
Today’s Topics • What is cloud computing? • Common cloud computing applications • How does it work? • Cloud computing concerns ◦ Data Ownership and Access ◦ Data Location and Security ◦ Data Privacy in the US and EU © 2012 Snell & Wilmer L.L.P 2
What is Cloud Computing? • Using the internet… • to access remotely-located computer servers… • for scalable, on-demand software applications, computing power and data storage… • that you might pay a fee for, but don’t own. © 2012 Snell & Wilmer L.L.P 3
Common Cloud Applications • Webmail – Gmail, Hotmail, AOL • Productivity – Microsoft Office 365, GoogleDocs • Data Sharing – Dropbox, GoToMeeting • Data Storage – iCloud, Amazon, Carbonite • Social Media – Facebook, LinkedIn, YouTube • Retailing – Amazon, Apple, eBay • Banking – Chase, Bank of America • Government – www.apps.gov © 2012 Snell & Wilmer L.L.P 4
Most Common Use of the Cloud? • Social Networking – By Far © 2012 Snell & Wilmer L.L.P 5
“Official” Government Definition National Institute of Standards and Technology Responsible for developing standards and guidelines for providing information security for all federal gov’t agencies and assets. NIST Special Publication 800- 145 (September 2011) © 2012 Snell & Wilmer L.L.P 6
Why Are We Moving to the Cloud? • It’s much cheaper to rent than to own. ◦ Outsourcing to the cloud reduces corporate data storage costs by 80%, and requires a smaller IT staff • It’s more flexible/scalable/elastic. ◦ Quickly expand and contract storage and computing needs, based on demand. ◦ Faster access to improved technology. • It’s more secure – in some respects. ◦ Remote, redundant data back-ups in case of disaster © 2012 Snell & Wilmer L.L.P 7
How Does Cloud Computing Work? • Major cloud providers: ◦ Amazon ◦ Google ◦ Microsoft ◦ Apple • Major cloud providers have multiple, distant data centers (i.e. server farms) where data is redundantly stored/processed. © 2012 Snell & Wilmer L.L.P 8
Cloud Data Center Locations • Amazon: ◦ North America (CA, OR) ◦ EU (Ireland) ◦ Asia (Singapore, Tokyo) ◦ South America (Brazil) ◦ Future: Buried in Siberian permafrost? • Google: ◦ USA (SC, NC, GA, OK, IA, OR) ◦ Finland, Belgium ◦ Hong Kong, Singapore, Taiwan ◦ Future: Cargo ships powered & cooled by the sea? © 2012 Snell & Wilmer L.L.P 9
How is Data Stored in the Cloud? Per Google’s web site: • Data is not stored on a single machine or set of machines; data from all Google customers is distributed amongst a shared infrastructure composed of many computers located across Google’s many data centers. • Data is chunked and replicated over multiple systems so that no one system is a single point of failure. Data chunks are given random file names and they’re not stored in clear text, so they’re not humanly readable. Source: http://www.google.com/about/datacenters/inside/data-security.html# © 2012 Snell & Wilmer L.L.P 10
Cloud Computing Concerns • Data Ownership & Access • Data Location and Security • Data Privacy • What Law Governs? • E-Discovery Obligations If possible, your contract with the cloud provider should address these issues. © 2012 Snell & Wilmer L.L.P 11
Data Ownership & Access © 2012 Snell & Wilmer L.L.P 12
Cloud Data Ownership & Access • Who owns the data once it has been uploaded? ◦ Short Answer: Should not be the cloud provider! • Who owns the servers where the data is stored? ◦ Is it the party with whom you contracted? A third party? How many links in the contract chain? • How often will the data be accessible? ◦ Industry custom is 99.99% of the time. • What happens if access is interrupted? ◦ Are fee credits provided? © 2012 Snell & Wilmer L.L.P 13
Cloud Data Ownership & Access • If you terminate the agreement with the cloud provider, what happens to your data? ◦ How long will your data remain on the cloud servers? ◦ Is it then deleted from the cloud provider’s servers? - Important when dealing with customer data, credit card information, HIPAA data, etc. • What if the cloud provider goes bankrupt or is shut down by a government? ◦ Example: MegaUpload seized by DOJ in January ’12 • E-discovery obligations? © 2012 Snell & Wilmer L.L.P 14
Data Storage Location & Security © 2012 Snell & Wilmer L.L.P 15
Data Storage Location & Security • In what countries are the cloud data centers located that will store your data? ◦ Evaluate the data privacy laws where the data centers are located. ◦ Consider potential jurisdictional and choice of law issues. • Is the data required to be maintained within a certain country? ◦ E.g., Government records, national defense materials. © 2012 Snell & Wilmer L.L.P 16
Data Storage Location & Security • What physical and digital security standards does the cloud provider adhere to? Will it tell you? • How do they compare to the security procedures used by Amazon, Google and Microsoft? • Do outside auditors certify the proper storage and use of data by the cloud provider? © 2012 Snell & Wilmer L.L.P 17
Data Storage Location & Security • Physical security measures: ◦ Non-descript facilities, restricted physical access, video surveillance, biometric clearance; ◦ Fire detection and suppression, uninterrupted power supply, climate and temperature control; ◦ Redundant data storage in different locations; ◦ A business continuity and disaster recovery plan to ensure service is maintained & to recover any data loss. © 2012 Snell & Wilmer L.L.P 18
Data Storage Location & Security • Digital security measures: ◦ Is your data securely stored when “at rest” and securely moved between locations? ◦ Does the cloud provider have rights to access your data? If so, why? ◦ Is your data stored in aggregate with other customers? If so, how good is the disaggregation? ◦ How does the cloud provider decommission old storage devices that once held your data? © 2012 Snell & Wilmer L.L.P 19
Data Storage Location & Security • What if your data is corrupted, lost or stolen? ◦ Caveat emptor. Let the buyer beware. ◦ Terms of service typically disclaim all warranties and exclude liability for any damages. • Example: ◦ “WE AND OUR AFFILIATES OR LICENSORS WILL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE OR DATA), EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES….” © 2012 Snell & Wilmer L.L.P 20
Choose your cloud provider wisely! • If you have little or no leverage in negotiating terms with the cloud provider… ◦ Is the cloud provider reputable & reliable? - How transparent is the cloud provider willing to be? - Quality vs. price – you probably get what you pay for. - Is the cost savings worth the risk of data loss/interruption? ◦ What contingency plan do you have if the service fails? - Separate, independent digital back-up? - Hard copy back-up? ◦ What remedies, if any, do you have against the cloud provider if there is data loss or service failure? © 2012 Snell & Wilmer L.L.P 21
Data Privacy © 2012 Snell & Wilmer L.L.P 22
Data Privacy Issues • Data in the cloud is subject to different protections than information stored in-house; ◦ Data in the cloud = held by a third-party • Currently: there is a patchwork of Federal and State data privacy laws; • US and EU data privacy rules significantly differ; ◦ EU has more protections and regulations • US and EU have recently proposed expanded data privacy regulations. © 2012 Snell & Wilmer L.L.P 23
Data Privacy Issues • Existing laws can compel disclosure of cloud data to the government. ◦ Electronic Communications Privacy Act (ECPA) ◦ Stored Communications Act (SCA) ◦ USA Patriot Act - National Security Letters - Foreign Intelligence Surveillance Act (FISA) Warrants ◦ Warrants and subpoenas generally © 2012 Snell & Wilmer L.L.P 24
Data Privacy Issues • Current rules imposing data security and/or breach notification obligations, including: ◦ Sarbanes-Oxley ◦ Family Educational Rights and Privacy Act (FERPA) ◦ Health Insurance Portability & Accountability Act (HIPAA) ◦ Health Information Technology for Economic and Clincal Health (HITECH) Act ◦ Gramm-Leach-Biley Act (GLBA) ◦ FTC Act, Section 5 (for companies that store customer information on the cloud) ◦ State Laws and Regulations © 2012 Snell & Wilmer L.L.P 25
Data Privacy: New Regulations? • Significantly expanded data privacy regulation schemes proposed in early 2012: ◦ White House: Consumer Privacy Bill of Rights ◦ EU: New General Data Protection Regulations © 2012 Snell & Wilmer L.L.P 26
Data Privacy: New Regulations? White House Proposal – Feb. 2012 On-line Consumer Privacy Bill of Rights Enforceable Codes of Conduct Expanded FTC Role Re Data Privacy Rights Enforcement Increased “Global Interoperability” re various consumer data privacy regs © 2012 Snell & Wilmer L.L.P 27
Proposed “Consumer Privacy Bill of Rights” • Intended goals are: ◦ Preserve online consumer trust in the internet economy, ◦ While providing Internet companies with the regulatory certainty needed to permit innovation in on-line commerce. • Available on-line: ◦ http://www.whitehouse.gov/sites/default/files/privacy-final.pdf © 2012 Snell & Wilmer L.L.P 28
Proposed “Consumer Privacy Bill of Rights” • Individual Control by consumers of the data collected by companies and how those companies use such data; • Transparency regarding privacy and security practices; • Respect for Context to ensure that companies use data consistently with the context in which the consumer provides the data; • Security in handling personal data; © 2012 Snell & Wilmer L.L.P 29
Proposed “Consumer Privacy Bill of Rights” • Access and Accuracy including the right of consumers to access and correct personal data; • Focused Collection through reasonable limits on collection and retention by companies of personal data; and • Accountability to ensure that companies handling data adhere to the Consumer Privacy Bill of Rights. © 2012 Snell & Wilmer L.L.P 30
Proposed “Consumer Privacy Bill of Rights” • The White House proposes voluntary adoption of a binding code of conduct incorporating the privacy principles in the bill of rights…thus making it enforceable under Section 5 of the FTC Act. • Alternatively, the White House proposes that Congress pass a law incorporating the privacy bill of rights. • Unlikely that Congress will pass legislation this year. © 2012 Snell & Wilmer L.L.P 31
Proposed EU Data Protection Regulations Proposed January 25, 2012 Significant expansion of current EU data privacy scheme Data privacy already a fundamental right, per the EU Constitution Potential implications beyond EU borders © 2012 Snell & Wilmer L.L.P 32
Proposed EU Data Protection Regulations • Would apply to almost all data collection and processing activities regarding EU “data subjects” ◦ Would cover controllers and processors located in the EU ◦ Would also cover controllers and processers located outside of the EU if they offer goods or services to data subjects in the EU or monitor their behavior • Increased protections must be assured before consumer data may be moved outside the EU © 2012 Snell & Wilmer L.L.P 33
Proposed EU Data Protection Regulations • Provides increased consumer control of data ◦ With few exceptions, data subjects must give “informed consent” (generally through an “opt-in” process) before their personal data may be processed; • Internet users would have “The Right to be Forgotten” ◦ Data subject would be entitled to have personal data erased, even if the data has been made public! • Available on-line: http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf © 2012 Snell & Wilmer L.L.P 34
Thank you Patrick X. Fowler, Esq. Snell & Wilmer LLP Phoenix, Arizona 602.382.6213 | pfowler@swlaw.com © 2012 Snell & Wilmer L.L.P 35

Recommended

Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
J. David Morris
 
Iowa Weighs in on Ethics of Cloud Computing for Lawyers
Iowa Weighs in on Ethics of Cloud Computing for LawyersIowa Weighs in on Ethics of Cloud Computing for Lawyers
Iowa Weighs in on Ethics of Cloud Computing for Lawyers
Nicole Black
 
2 7-2013-big data and e-discovery
2 7-2013-big data and e-discovery2 7-2013-big data and e-discovery
2 7-2013-big data and e-discovery
Exterro
 
Trends in Law Practice Management – Calculating the Risks
Trends in Law Practice Management – Calculating the RisksTrends in Law Practice Management – Calculating the Risks
Trends in Law Practice Management – Calculating the Risks
Nicole Garton
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdpr
Exponential_e
 
Big Data & Privacy
Big Data & PrivacyBig Data & Privacy
Big Data & Privacy
Abzetdin Adamov
 
12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slides
Exponential_e
 
The REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyThe REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on Privacy
Claudiu Popa
 

Recommended

Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
J. David Morris
 
Iowa Weighs in on Ethics of Cloud Computing for Lawyers
Iowa Weighs in on Ethics of Cloud Computing for LawyersIowa Weighs in on Ethics of Cloud Computing for Lawyers
Iowa Weighs in on Ethics of Cloud Computing for Lawyers
Nicole Black
 
2 7-2013-big data and e-discovery
2 7-2013-big data and e-discovery2 7-2013-big data and e-discovery
2 7-2013-big data and e-discovery
Exterro
 
Trends in Law Practice Management – Calculating the Risks
Trends in Law Practice Management – Calculating the RisksTrends in Law Practice Management – Calculating the Risks
Trends in Law Practice Management – Calculating the Risks
Nicole Garton
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdpr
Exponential_e
 
Big Data & Privacy
Big Data & PrivacyBig Data & Privacy
Big Data & Privacy
Abzetdin Adamov
 
12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slides
Exponential_e
 
The REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyThe REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on Privacy
Claudiu Popa
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
bradley_g
 
Privacy and Big Data Overload!
Privacy and Big Data Overload!Privacy and Big Data Overload!
Privacy and Big Data Overload!
SparkPost
 
Ethics of Big Data
Ethics of Big DataEthics of Big Data
Ethics of Big Data
Matti Vesala
 
Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect storm
Ulf Mattsson
 
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
Praveenkumar Hosangadi
 
Privacy in the Age of Big Data
Privacy in the Age of Big DataPrivacy in the Age of Big Data
Privacy in the Age of Big Data
Arab Federation for Digital Economy
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
kevintsmith
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis
 
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceEmbedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library Service
CILIPScotland
 
Introduction by ann cavoukian
Introduction by ann cavoukianIntroduction by ann cavoukian
Introduction by ann cavoukian
MaRS Discovery District
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
Peter Procházka
 
Identity, Security and Healthcare
Identity, Security and HealthcareIdentity, Security and Healthcare
Identity, Security and Healthcare
NetIQ
 
Cloud security and cloud adoption public
Cloud security and cloud adoption publicCloud security and cloud adoption public
Cloud security and cloud adoption public
John Mathon
 
Blockchain - Hype or Reality
Blockchain - Hype or RealityBlockchain - Hype or Reality
Blockchain - Hype or Reality
snewell4
 
Big Data and High Performance Computing
Big Data and High Performance ComputingBig Data and High Performance Computing
Big Data and High Performance Computing
Abzetdin Adamov
 
"We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec..."We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec...
Jisc
 
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015
Dr. Ann Cavoukian
 
Egress Switch Introduction
Egress Switch IntroductionEgress Switch Introduction
Egress Switch Introduction
yonifine
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data Incidents
Resilient Systems
 
Getting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensicsGetting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensics
Druva
 
Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarUnderstanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: Webinar
CipherCloud
 
Cloud Computing and the Public Sector
Cloud Computing and the Public SectorCloud Computing and the Public Sector
Cloud Computing and the Public Sector
MHCCloud
 

More Related Content

What's hot

Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
bradley_g
 
Privacy and Big Data Overload!
Privacy and Big Data Overload!Privacy and Big Data Overload!
Privacy and Big Data Overload!
SparkPost
 
Ethics of Big Data
Ethics of Big DataEthics of Big Data
Ethics of Big Data
Matti Vesala
 
Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect storm
Ulf Mattsson
 
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
Praveenkumar Hosangadi
 
Privacy in the Age of Big Data
Privacy in the Age of Big DataPrivacy in the Age of Big Data
Privacy in the Age of Big Data
Arab Federation for Digital Economy
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
kevintsmith
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis
 
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceEmbedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library Service
CILIPScotland
 
Introduction by ann cavoukian
Introduction by ann cavoukianIntroduction by ann cavoukian
Introduction by ann cavoukian
MaRS Discovery District
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
Peter Procházka
 
Identity, Security and Healthcare
Identity, Security and HealthcareIdentity, Security and Healthcare
Identity, Security and Healthcare
NetIQ
 
Cloud security and cloud adoption public
Cloud security and cloud adoption publicCloud security and cloud adoption public
Cloud security and cloud adoption public
John Mathon
 
Blockchain - Hype or Reality
Blockchain - Hype or RealityBlockchain - Hype or Reality
Blockchain - Hype or Reality
snewell4
 
Big Data and High Performance Computing
Big Data and High Performance ComputingBig Data and High Performance Computing
Big Data and High Performance Computing
Abzetdin Adamov
 
"We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec..."We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec...
Jisc
 
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015
Dr. Ann Cavoukian
 
Egress Switch Introduction
Egress Switch IntroductionEgress Switch Introduction
Egress Switch Introduction
yonifine
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data Incidents
Resilient Systems
 
Getting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensicsGetting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensics
Druva
 

What's hot (20)

Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
 
Privacy and Big Data Overload!
Privacy and Big Data Overload!Privacy and Big Data Overload!
Privacy and Big Data Overload!
 
Ethics of Big Data
Ethics of Big DataEthics of Big Data
Ethics of Big Data
 
Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect storm
 
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
 
Privacy in the Age of Big Data
Privacy in the Age of Big DataPrivacy in the Age of Big Data
Privacy in the Age of Big Data
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
 
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceEmbedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library Service
 
Introduction by ann cavoukian
Introduction by ann cavoukianIntroduction by ann cavoukian
Introduction by ann cavoukian
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
 
Identity, Security and Healthcare
Identity, Security and HealthcareIdentity, Security and Healthcare
Identity, Security and Healthcare
 
Cloud security and cloud adoption public
Cloud security and cloud adoption publicCloud security and cloud adoption public
Cloud security and cloud adoption public
 
Blockchain - Hype or Reality
Blockchain - Hype or RealityBlockchain - Hype or Reality
Blockchain - Hype or Reality
 
Big Data and High Performance Computing
Big Data and High Performance ComputingBig Data and High Performance Computing
Big Data and High Performance Computing
 
"We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec..."We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec...
 
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015
 
Egress Switch Introduction
Egress Switch IntroductionEgress Switch Introduction
Egress Switch Introduction
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data Incidents
 
Getting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensicsGetting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensics
 

Similar to Cloud Computing: What You Don't Know Can Hurt You

Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarUnderstanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: Webinar
CipherCloud
 
Cloud Computing and the Public Sector
Cloud Computing and the Public SectorCloud Computing and the Public Sector
Cloud Computing and the Public Sector
MHCCloud
 
Data sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profitsData sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profits
rgtechnologies
 
MPMA 2013 - Leveraging the Cloud for Museum Collections
MPMA 2013 - Leveraging the Cloud for Museum CollectionsMPMA 2013 - Leveraging the Cloud for Museum Collections
MPMA 2013 - Leveraging the Cloud for Museum Collections
Kacy Clarke
 
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data?
Bianca Mueller, LL.M.
 
Frukostseminarium om molntjänster
Frukostseminarium om molntjänsterFrukostseminarium om molntjänster
Frukostseminarium om molntjänster
Transcendent Group
 
Clouds and Chains
Clouds and ChainsClouds and Chains
Clouds and Chains
Tim Swanson
 
Legal ethics & cloud computing
Legal ethics & cloud computingLegal ethics & cloud computing
Legal ethics & cloud computing
Patrick Fowler
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data Privacy
WilmerHale
 
Privacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 PredictionsPrivacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 Predictions
Resilient Systems
 
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
Executive Leaders Network
 
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data GraveyardsTrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc
 
Onehub 101
Onehub 101Onehub 101
Onehub 101
Charles Mount
 
Cloud security - Publication
Cloud security - Publication Cloud security - Publication
Cloud security - Publication
Bianca Mueller, LL.M.
 
Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2
dbarton944
 
ACS cloud discussion paper
ACS cloud discussion paperACS cloud discussion paper
ACS cloud discussion paper
Roland Padilla
 
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD WorldThe Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD World
mkeane
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
Ulf Mattsson
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)
Brian K. Dickard
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
Meg Weber
 

Similar to Cloud Computing: What You Don't Know Can Hurt You (20)

Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarUnderstanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: Webinar
 
Cloud Computing and the Public Sector
Cloud Computing and the Public SectorCloud Computing and the Public Sector
Cloud Computing and the Public Sector
 
Data sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profitsData sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profits
 
MPMA 2013 - Leveraging the Cloud for Museum Collections
MPMA 2013 - Leveraging the Cloud for Museum CollectionsMPMA 2013 - Leveraging the Cloud for Museum Collections
MPMA 2013 - Leveraging the Cloud for Museum Collections
 
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data?
 
Frukostseminarium om molntjänster
Frukostseminarium om molntjänsterFrukostseminarium om molntjänster
Frukostseminarium om molntjänster
 
Clouds and Chains
Clouds and ChainsClouds and Chains
Clouds and Chains
 
Legal ethics & cloud computing
Legal ethics & cloud computingLegal ethics & cloud computing
Legal ethics & cloud computing
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data Privacy
 
Privacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 PredictionsPrivacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 Predictions
 
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
 
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data GraveyardsTrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data Graveyards
 
Onehub 101
Onehub 101Onehub 101
Onehub 101
 
Cloud security - Publication
Cloud security - Publication Cloud security - Publication
Cloud security - Publication
 
Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2
 
ACS cloud discussion paper
ACS cloud discussion paperACS cloud discussion paper
ACS cloud discussion paper
 
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD WorldThe Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD World
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 

Recently uploaded

[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Pitangent Analytics & Technology Solutions Pvt. Ltd
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
christinelarrosa
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 

Recently uploaded (20)

[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 

Cloud Computing: What You Don't Know Can Hurt You

  • 1. Patrick X. Fowler, Esq. Snell & Wilmer LLP Phoenix, Arizona 602.382.6213 | pfowler@swlaw.com Cloud Computing: What You Don’t Know Can Hurt You © 2012 Snell & Wilmer L.L.P 1
  • 2. Today’s Topics • What is cloud computing? • Common cloud computing applications • How does it work? • Cloud computing concerns ◦ Data Ownership and Access ◦ Data Location and Security ◦ Data Privacy in the US and EU © 2012 Snell & Wilmer L.L.P 2
  • 3. What is Cloud Computing? • Using the internet… • to access remotely-located computer servers… • for scalable, on-demand software applications, computing power and data storage… • that you might pay a fee for, but don’t own. © 2012 Snell & Wilmer L.L.P 3
  • 4. Common Cloud Applications • Webmail – Gmail, Hotmail, AOL • Productivity – Microsoft Office 365, GoogleDocs • Data Sharing – Dropbox, GoToMeeting • Data Storage – iCloud, Amazon, Carbonite • Social Media – Facebook, LinkedIn, YouTube • Retailing – Amazon, Apple, eBay • Banking – Chase, Bank of America • Government – www.apps.gov © 2012 Snell & Wilmer L.L.P 4
  • 5. Most Common Use of the Cloud? • Social Networking – By Far © 2012 Snell & Wilmer L.L.P 5
  • 6. “Official” Government Definition National Institute of Standards and Technology Responsible for developing standards and guidelines for providing information security for all federal gov’t agencies and assets. NIST Special Publication 800- 145 (September 2011) © 2012 Snell & Wilmer L.L.P 6
  • 7. Why Are We Moving to the Cloud? • It’s much cheaper to rent than to own. ◦ Outsourcing to the cloud reduces corporate data storage costs by 80%, and requires a smaller IT staff • It’s more flexible/scalable/elastic. ◦ Quickly expand and contract storage and computing needs, based on demand. ◦ Faster access to improved technology. • It’s more secure – in some respects. ◦ Remote, redundant data back-ups in case of disaster © 2012 Snell & Wilmer L.L.P 7
  • 8. How Does Cloud Computing Work? • Major cloud providers: ◦ Amazon ◦ Google ◦ Microsoft ◦ Apple • Major cloud providers have multiple, distant data centers (i.e. server farms) where data is redundantly stored/processed. © 2012 Snell & Wilmer L.L.P 8
  • 9. Cloud Data Center Locations • Amazon: ◦ North America (CA, OR) ◦ EU (Ireland) ◦ Asia (Singapore, Tokyo) ◦ South America (Brazil) ◦ Future: Buried in Siberian permafrost? • Google: ◦ USA (SC, NC, GA, OK, IA, OR) ◦ Finland, Belgium ◦ Hong Kong, Singapore, Taiwan ◦ Future: Cargo ships powered & cooled by the sea? © 2012 Snell & Wilmer L.L.P 9
  • 10. How is Data Stored in the Cloud? Per Google’s web site: • Data is not stored on a single machine or set of machines; data from all Google customers is distributed amongst a shared infrastructure composed of many computers located across Google’s many data centers. • Data is chunked and replicated over multiple systems so that no one system is a single point of failure. Data chunks are given random file names and they’re not stored in clear text, so they’re not humanly readable. Source: http://www.google.com/about/datacenters/inside/data-security.html# © 2012 Snell & Wilmer L.L.P 10
  • 11. Cloud Computing Concerns • Data Ownership & Access • Data Location and Security • Data Privacy • What Law Governs? • E-Discovery Obligations If possible, your contract with the cloud provider should address these issues. © 2012 Snell & Wilmer L.L.P 11
  • 12. Data Ownership & Access © 2012 Snell & Wilmer L.L.P 12
  • 13. Cloud Data Ownership & Access • Who owns the data once it has been uploaded? ◦ Short Answer: Should not be the cloud provider! • Who owns the servers where the data is stored? ◦ Is it the party with whom you contracted? A third party? How many links in the contract chain? • How often will the data be accessible? ◦ Industry custom is 99.99% of the time. • What happens if access is interrupted? ◦ Are fee credits provided? © 2012 Snell & Wilmer L.L.P 13
  • 14. Cloud Data Ownership & Access • If you terminate the agreement with the cloud provider, what happens to your data? ◦ How long will your data remain on the cloud servers? ◦ Is it then deleted from the cloud provider’s servers? - Important when dealing with customer data, credit card information, HIPAA data, etc. • What if the cloud provider goes bankrupt or is shut down by a government? ◦ Example: MegaUpload seized by DOJ in January ’12 • E-discovery obligations? © 2012 Snell & Wilmer L.L.P 14
  • 15. Data Storage Location & Security © 2012 Snell & Wilmer L.L.P 15
  • 16. Data Storage Location & Security • In what countries are the cloud data centers located that will store your data? ◦ Evaluate the data privacy laws where the data centers are located. ◦ Consider potential jurisdictional and choice of law issues. • Is the data required to be maintained within a certain country? ◦ E.g., Government records, national defense materials. © 2012 Snell & Wilmer L.L.P 16
  • 17. Data Storage Location & Security • What physical and digital security standards does the cloud provider adhere to? Will it tell you? • How do they compare to the security procedures used by Amazon, Google and Microsoft? • Do outside auditors certify the proper storage and use of data by the cloud provider? © 2012 Snell & Wilmer L.L.P 17
  • 18. Data Storage Location & Security • Physical security measures: ◦ Non-descript facilities, restricted physical access, video surveillance, biometric clearance; ◦ Fire detection and suppression, uninterrupted power supply, climate and temperature control; ◦ Redundant data storage in different locations; ◦ A business continuity and disaster recovery plan to ensure service is maintained & to recover any data loss. © 2012 Snell & Wilmer L.L.P 18
  • 19. Data Storage Location & Security • Digital security measures: ◦ Is your data securely stored when “at rest” and securely moved between locations? ◦ Does the cloud provider have rights to access your data? If so, why? ◦ Is your data stored in aggregate with other customers? If so, how good is the disaggregation? ◦ How does the cloud provider decommission old storage devices that once held your data? © 2012 Snell & Wilmer L.L.P 19
  • 20. Data Storage Location & Security • What if your data is corrupted, lost or stolen? ◦ Caveat emptor. Let the buyer beware. ◦ Terms of service typically disclaim all warranties and exclude liability for any damages. • Example: ◦ “WE AND OUR AFFILIATES OR LICENSORS WILL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE OR DATA), EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES….” © 2012 Snell & Wilmer L.L.P 20
  • 21. Choose your cloud provider wisely! • If you have little or no leverage in negotiating terms with the cloud provider… ◦ Is the cloud provider reputable & reliable? - How transparent is the cloud provider willing to be? - Quality vs. price – you probably get what you pay for. - Is the cost savings worth the risk of data loss/interruption? ◦ What contingency plan do you have if the service fails? - Separate, independent digital back-up? - Hard copy back-up? ◦ What remedies, if any, do you have against the cloud provider if there is data loss or service failure? © 2012 Snell & Wilmer L.L.P 21
  • 22. Data Privacy © 2012 Snell & Wilmer L.L.P 22
  • 23. Data Privacy Issues • Data in the cloud is subject to different protections than information stored in-house; ◦ Data in the cloud = held by a third-party • Currently: there is a patchwork of Federal and State data privacy laws; • US and EU data privacy rules significantly differ; ◦ EU has more protections and regulations • US and EU have recently proposed expanded data privacy regulations. © 2012 Snell & Wilmer L.L.P 23
  • 24. Data Privacy Issues • Existing laws can compel disclosure of cloud data to the government. ◦ Electronic Communications Privacy Act (ECPA) ◦ Stored Communications Act (SCA) ◦ USA Patriot Act - National Security Letters - Foreign Intelligence Surveillance Act (FISA) Warrants ◦ Warrants and subpoenas generally © 2012 Snell & Wilmer L.L.P 24
  • 25. Data Privacy Issues • Current rules imposing data security and/or breach notification obligations, including: ◦ Sarbanes-Oxley ◦ Family Educational Rights and Privacy Act (FERPA) ◦ Health Insurance Portability & Accountability Act (HIPAA) ◦ Health Information Technology for Economic and Clincal Health (HITECH) Act ◦ Gramm-Leach-Biley Act (GLBA) ◦ FTC Act, Section 5 (for companies that store customer information on the cloud) ◦ State Laws and Regulations © 2012 Snell & Wilmer L.L.P 25
  • 26. Data Privacy: New Regulations? • Significantly expanded data privacy regulation schemes proposed in early 2012: ◦ White House: Consumer Privacy Bill of Rights ◦ EU: New General Data Protection Regulations © 2012 Snell & Wilmer L.L.P 26
  • 27. Data Privacy: New Regulations? White House Proposal – Feb. 2012 On-line Consumer Privacy Bill of Rights Enforceable Codes of Conduct Expanded FTC Role Re Data Privacy Rights Enforcement Increased “Global Interoperability” re various consumer data privacy regs © 2012 Snell & Wilmer L.L.P 27
  • 28. Proposed “Consumer Privacy Bill of Rights” • Intended goals are: ◦ Preserve online consumer trust in the internet economy, ◦ While providing Internet companies with the regulatory certainty needed to permit innovation in on-line commerce. • Available on-line: ◦ http://www.whitehouse.gov/sites/default/files/privacy-final.pdf © 2012 Snell & Wilmer L.L.P 28
  • 29. Proposed “Consumer Privacy Bill of Rights” • Individual Control by consumers of the data collected by companies and how those companies use such data; • Transparency regarding privacy and security practices; • Respect for Context to ensure that companies use data consistently with the context in which the consumer provides the data; • Security in handling personal data; © 2012 Snell & Wilmer L.L.P 29
  • 30. Proposed “Consumer Privacy Bill of Rights” • Access and Accuracy including the right of consumers to access and correct personal data; • Focused Collection through reasonable limits on collection and retention by companies of personal data; and • Accountability to ensure that companies handling data adhere to the Consumer Privacy Bill of Rights. © 2012 Snell & Wilmer L.L.P 30
  • 31. Proposed “Consumer Privacy Bill of Rights” • The White House proposes voluntary adoption of a binding code of conduct incorporating the privacy principles in the bill of rights…thus making it enforceable under Section 5 of the FTC Act. • Alternatively, the White House proposes that Congress pass a law incorporating the privacy bill of rights. • Unlikely that Congress will pass legislation this year. © 2012 Snell & Wilmer L.L.P 31
  • 32. Proposed EU Data Protection Regulations Proposed January 25, 2012 Significant expansion of current EU data privacy scheme Data privacy already a fundamental right, per the EU Constitution Potential implications beyond EU borders © 2012 Snell & Wilmer L.L.P 32
  • 33. Proposed EU Data Protection Regulations • Would apply to almost all data collection and processing activities regarding EU “data subjects” ◦ Would cover controllers and processors located in the EU ◦ Would also cover controllers and processers located outside of the EU if they offer goods or services to data subjects in the EU or monitor their behavior • Increased protections must be assured before consumer data may be moved outside the EU © 2012 Snell & Wilmer L.L.P 33
  • 34. Proposed EU Data Protection Regulations • Provides increased consumer control of data ◦ With few exceptions, data subjects must give “informed consent” (generally through an “opt-in” process) before their personal data may be processed; • Internet users would have “The Right to be Forgotten” ◦ Data subject would be entitled to have personal data erased, even if the data has been made public! • Available on-line: http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf © 2012 Snell & Wilmer L.L.P 34
  • 35. Thank you Patrick X. Fowler, Esq. Snell & Wilmer LLP Phoenix, Arizona 602.382.6213 | pfowler@swlaw.com © 2012 Snell & Wilmer L.L.P 35