justice scale justice scale justice scale

McKenna Minutes

“The life of the law has not been logic; it has been experience.”

-Oliver Wendell Holmes, Jr.

Should You Move Your Business to the Cloud?

-
Should You Move Your Business to the Cloud?

Cloud computing is available to everyone in various forms. As individuals we put our photos and music in the cloud and businesses can use the cloud for various functions including storing data and information. Cloud computing offers many benefits to businesses, but there are cyber liability and privacy and data security risks that come with this service as well. Knowledge of these risks and benefits is crucial for you to make the right decision when considering whether to move your business to the cloud.

Cyber Liability and Risk Prevention Considerations

Cloud computing offers a number of benefits to a commercial user. It provides a cost savings from not spending money on servers and hardware and also cuts down on associated electrical costs. Cloud computing also provides increased flexibility with greater access to data and applications.

However, along with these benefits there are risks associated with cloud computing. If you are considering moving your business to the cloud you must first consider the following issues.

  • Applicable laws and regulations: Various federal and state laws may limit use of cloud computing services. These laws are sector specific. For example, under the Health Insurance Portability and Accountability Act (HIPAA), covered entities must enter into a business associate agreement before transferring protected health information to a service provider, and may not allow the use or disclosure of health records in ways that conflict with HIPAA.
  • Access to Data: What level of access will the cloud provider have to your data? The level of provider access may undermine applicable privilege or trade secret arguments.
  • Voluntary or Compelled Disclosure: Cloud computing services often retain the ability to disclose information stored on behalf of its clients to the government and to third parties during investigations. In certain situations, these disclosures may be made without notice. Additionally, in certain circumstances, these disclosures may violate federal and state law prohibiting the disclosure of personal information.
  • Data Security: The level of data security may vary depending on the service provider. Obtaining knowledge and understanding of the service provider’s security measures is important to ensure that data and information is adequately stored and protected. This is crucial for compliance with certain laws, and now also necessary to ensure compliance with terms of most cyber insurance policies.
  • Indemnification, Warranty and Liability: Even when adhering to best practices, a cloud computing service provider may be the victim of a breach. Standard cloud computing terms of use deny liability for outages or data losses, disclaim all warranties of any type, and limit damages. Users need to fully understand the cost these terms will have if the service provider is the victim of a data breach.
  • Privacy Policy: Cloud computing users must ensure that the statements made to the public in their privacy notice are consistent with their use of a cloud computing service. Misrepresentations in the privacy notice can lead to liability later on.

Three Steps to Get Set for Success with Cloud Computing

These issues do not necessarily outweigh the benefits of cloud computing, and can be addressed before moving to the cloud. Prior to moving your business to the cloud, you should take the following steps to minimize data privacy and security risks while addressing your business objectives:

  • Data Assessment: Inventory the data and information your business holds. Specifically, you must evaluate the sensitivity of your business’ data and determine whether certain categories of data should not be stored on the cloud.
  • Due Diligence: Your business must do its due diligence to obtain as much relevant information about the cloud service provider’s reputation and business practices as possible.
  • Contract Negotiation: Although the cloud computing service provider may attempt to offer a standard form contract, businesses should always seek to negotiate the terms of these contracts to address the concerns highlighted above. Of particular importance are specifying the security standards used, identifying the party responsible for a data beach, and specifying limits on the cloud computing service provider’s ability to disclose stored information and data.

When all of these issues are evaluated and addressed, you can feel confident about your decision to move your business to the cloud.

If you have any questions about cloud computing, or privacy and data security, please contact Tim Hayes at McKenna Storer.

Categories Privacy and Data Security Litigation



Here to help with whatever your legal issues may be, schedule your no-obligation consultation or Simply Call us at.
(815) 334-9694

Please do not send confidential information via email. The sending of information by you, and the receipt of it by McKenna Storer, is not intended to, and does not create a lawyer-client relationship.

Privacy Policy | Sitemap © 2019 McKenna Storer
Show Buttons
Hide Buttons