Cloud Computing can help your business reduce costs as you don’t have to invest in hardware and other physical infrastructure, your data is stored on a secure location and you only pay for what you use – there are no licensing fees associated with cloud computing.
That said, there are some important legal issues that must be taken care of before you sign-up with any of the cloud vendors for your business.
These issues, discussed below, are more relevant for business owners who are planning to shift to the cloud and may not really matter if you are a consumer who merely uses the cloud for storing emails or office documents.
1a. Where is your data stored physically? Your data could be stored in any country and you may not even know where the data centre is situated. The ‘physical location’ raises the question of legal governance over the data. The customer must be clear so as to the provisions of the prevailing law in that particular nation.
1b. If a dispute arises, what will be the place of jurisdiction? In case a conflict arises between the cloud vendor and the customer (you), which country’s court system will settle the dispute?
Say you are a business owner in China and your cloud service provider is based in the US. The vendor will definitely prefer settling the case in in an American court but as a customer, do you have the financial means and resources to get the dispute settled in the jurisdiction of another nation?
2a. What if the data centre is hit by a disaster? It might happen that the vendor’s premises is severely affected due to a disaster. Even the 10-Q filings of Google Inc. with the U.S Securities and Exchange Commission mentions such a risk:
Our systems are vulnerable to damage or interruption from earthquakes, terrorist attacks, floods, fires, power loss, telecommunications failures, computer viruses, computer denial of service attacks, or other attempts to harm our systems.
The question is whether you are indemnified by the insurance company for loss of your business or not?
2b. Is there any liability coverage for breach of privacy? If a privacy breach occurs due to a fault of cloud vendor, is there any liability coverage policy taken up by the vendor? The scope of breach of privacy has widened considerably over the years in the field of cyber insurance. Some insurance carriers offer coverage even for breach of minor information and the customer is compensated on on behalf of the cloud vendor.
2c. What can be done if the data center gets hacked? Though all cloud vendors try their best to fend off hackers, no security setting is assumed to be foolproof. If the data center gets hacked, can you move against the vendor for claiming lost profits?
3a. Is your data protected under intellectual property rights? If it happens that the data is your own creation (like photographs, literature, etc), then is it protected under the intellectual property rights of that country? What means do you have if they get infringed?
3b. How secure are trade secrets? Your data stored in the ‘cloud’ may have trade secrets or privileged information which must be protected under attorney-client relationship. How secure will such information be in hands of the cloud vendor?
Or consider a reverse situation. If you leak out a trade secret of another business entity, how far will your cloud storage provider go to protect your data when they have been summoned to the court with all your stored data, access logs, etc.
3c. Third party access? The vendor may grant some privileged third parties access to your stored data. The identity of such parties, if any, must be disclosed to the customer. Here, the third party could be a legal authority or even an internal employee. The customer should always be informed before the vendor allows third parties to access the stored data.
To protect the interest of your business, it may therefore be extremely essential that your read the terms and conditions meticulously before signing up for a cloud based services.
If the vendor provides a standard form of contract (which is a general practice), then you must be must be fully aware of all the terms and conditions. It will save you from nasty surprises and you will be financially, mentally and legally prepared to save your business from unfavorable consequences of cloud computing.
The author Nikita Anand is the editor-in-chief of Mighty Laws where she seeks to explain complex legal jargon in simple English. Nikita is currently pursuing a degree in Law from NLIU.