SlideShare uma empresa Scribd logo

Legal Issues in Cloud Computing

Tom Kulik
Tom Kulik

This document summarizes a presentation given by Thomas Kulik on the legal issues surrounding cloud computing. It provides background on Kulik's experience in both law and the technology industry. The presentation defines cloud computing, outlines its essential characteristics and various service and deployment models according to the National Institute of Standards and Technology. It also provides examples of cloud computing services and summarizes the concept of cloud computing.

TecnologiaNegócios
1 de 41
Baixar para ler offline
“Partly Sunny with a Chance of Rain II”: Forecasting the Legal Issues in Cloud Computing by: Thomas A. Kulik Chairman, Dallas Bar Association Computer Law Section Partner, Scheef & Stone, L.L.P. Dallas Bar Association – Computer Law Section October 28, 2013   ®  
About  the  Presenter   Tom  Kulik  is  a  Partner  in  Scheef  &  Stone,  L.L.P.  out  of  its  headquarters  in   Dallas,  Texas,  as  well  as  Chairman  of  the  Dallas  Bar  AssociaBon  Computer  Law   SecBon.    With  a  deep  understanding  of  how  intellectual  property  assets   influence  business,  he  leverages  20  years  of  law  pracBce  with  prior  industry   experience,  strategically  counseling  clients  on  maKers  involving  the   evaluaBon,  acquisiBon,  development  and  protecBon  of  intellectual  property   rights,  with  an  emphasis  on  creaBvely  leveraging  such  assets  both   domesBcally  and  internaBonally.   Prior  to  matriculaBon  in  law  school,  he  was  an  award-­‐winning  systems   engineer  for  3Com  CorporaBon,  where  he  was  responsible  for  local  and  wide-­‐ area  network  architecture  and  design  supporBng  both  Fortune  500  and  start-­‐ up  companies  in  the  computer  services,  financial  and  pharmaceuBcal   industries.     Leveraging  this  industry  experience,  his  pracBce  focuses  on  intellectual   property  transacBons,  parBcularly  within  the  context  of  the  computer   soQware,  emerging  Internet  technologies  and  e-­‐commerce,  and  includes  an   extensive  trademark  preparaBon  and  prosecuBon  pracBce  and  aKendant   intellectual  property  liBgaBon.   ®  
What  is  the  “Cloud”?...   ®  
…and  What  is  “Cloud  CompuBng”?   “SaaS”            “PaaS”   “IaaS”   ®  
   “Cloud  CompuBng”  –  A  Hazy  Phrase   for  a  Foggy  (Evolving)  Concept   “As  a  metaphor  for  the  Internet,  "the  cloud"  is  a   familiar  cliché,  but  when  combined  with   "compuBng,"  the  meaning  gets  bigger  and  fuzzier… [but  essenBally]  encompasses  any  subscripBon-­‐ based  or  pay-­‐per-­‐use  service    that,  in  real  Bme  over   the  Internet,  extends  IT's  exisBng  capabiliBes.”    What  Cloud  Compu-ng  Really  Means,  Eric  Knor  &  Galen  Gruman,  InfoWorld,  2009   ®  
“Cloud  CompuBng”  DefiniBon  –  The  NaBonal   InsBtute  of  Standards  and  Technology            “Cloud  compuBng  is  a  model  for  enabling  convenient,  on-­‐ demand  network  access  to  a  shared  pool  of  configurable   compuBng  resources  (e.g.,  networks,  servers,  storage,   applicaBons,  and  services)  that  can  be  rapidly  provisioned   and  released  with  minimal  management  effort  or  service   provider  interacBon.  This  cloud  model  promotes  availability   and  is  composed  of  five  essen-al  characteris-cs,  three   service  models,  and  four  deployment  models.”        The  NIST  Defini,on  of  Cloud  Compu,ng,  Peter  Mell  and  Tim  Grance,  Version  15,  October  7,  2009   ®  
       “Cloud  CompuBng”-­‐  EssenBal  CharacterisBcs   •  On-­‐demand  self-­‐service  –  unilateral  and  automaBc   provisioning  of  a  user’s  compuBng  needs   •  Broad  network  access  –  services  available  through  the   network  to  cellphones,  PDAs,  laptops,  iPads,  etc.     •  Resource  pooling  –  dynamic  assignment  of  physical  and   virtual  compuBng  resources   •  Rapid  elas9city  –  quick  scale-­‐out/scale-­‐in  –  seamless  and   seemingly  unlimited  to  the  user   •  Measured  Service  –  automaBc  control  to  opBmize   management  of  resources  (storage,  processing,   bandwidth,  accounts)   ®  
“Cloud  CompuBng”  –  Service  Models    So7ware-­‐as-­‐a-­‐Service  (“SaaS”)   •  External  soQware  hosBng  in  a  cloud  infrastructure    PlaDorm-­‐as-­‐a-­‐Service  (“PaaS”)   •  Think  “SaaS-­‐plus”  –  compuBng  plamorm  and  “soluBon   stack”  for  building  and  running  custom  applicaBons  by  the   user        Infrastructure-­‐as-­‐a-­‐Service  (“IaaS”)   •  Data  processing,  storage,  network  and  other  fundamental   compuBng  resources  in  cloud  infrastructure   ®  
Examples  of  Cloud  Services  from  Cloud   Service  Providers”  (“CSPs”)    Infrastructure-­‐as-­‐a-­‐Service  (“IaaS”)   •  Amazon  ElasBc  Compute  Cloud  (EC2),  Amazon  S3,   Rackspace    So7ware-­‐as-­‐a-­‐Service  (“SaaS”)   •  Apple  iCloud,  Google  Apps,  Facebook  ApplicaBons    PlaDorm-­‐as-­‐a-­‐Service  (“PaaS”)   •  Salesforce  AppExchange,  Google  AppExchange   ®  
“Cloud  CompuBng”  –  Deployment  Models     Private  Cloud     Used  solely  by/operated  solely  for  the  organizaBon     Community  Cloud     Used  by/operated  for  mulBple  organizaBons  Bed  to  a  “specific   community”  with  “shared  concerns”     Public  Cloud     Owned  by  CSP  providing  cloud  services  to  the  public     Hybrid  Cloud     ComposiBon  of  2  or  more  disBnct  clouds  “bound  together  by   standardized  or  proprietary  technology  that  enables  data  and   applicaBon  portability”     ®  
   “Cloud  CompuBng”  –  DefiniBon  in  a  Nutshell          A  fully-­‐scalable  service  for  processing  and  storing   data  using  third-­‐party  shared  resources,  soQware   and  informaBon  accessible  over  a  network  (i.e.  the   Internet),  and  provided  to  computers  and  other   devices  on-­‐demand:     Usually  subscripBon-­‐based     May  be  pay-­‐per-­‐use     Even  free!   ®  
Why  the  Cloud  Model?     A  “Perfect  Storm”     •  Economics  -­‐  IT  capital  cost  pressures  pushing  for  beKer   ROI   •  More  for  Less  -­‐  Technological  InnovaBon  is  permipng:   »  BeKer  communicaBons  bandwidth  availability   »  Improved  microprocessor/bus  speeds   »  Increased  storage  capabiliBes   •  “Virtualiza,on”  –  easier  for  CSPs  to  maximize   infrastructure  for  the  services  provided  and  offload  much   IT  management   ®  
The  Legal  ConsideraBons  in  Cloud   CompuBng:    More  Than  A  Drizzle…     Security  &  Privacy     Contractual  ConsideraBons     Intellectual  Property     E-­‐Discovery  &  LiBgaBon     Ethical  ConsideraBons  for  Lawyers   ®  
The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Data  in  the  “Cloud”  harder  to  protect   •  •  •  Is  a  “mulB-­‐tenant”  architecture  –  data  stored  on  a  virtual  server  that   shares  same  physical  server  with  other  virtual  servers   Security  dependent  upon  configuraBon  of  the  virtual  servers  and  API   vulnerabiliBes   Geographic  distribuBon  concerns  –  the  “cloud”  knows  no  boundaries     Breach  harder  to  detect  &  manage   •  •  •  CSP  may  use  third-­‐party  providers  for  elements  of  the  service   Audit  trail  across  mulBple  plamorms  not  necessarily  integrated   Geographic  distribuBon  concerns  remain   ®  
The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy   Think  that  3rd   parBes  are  not   looking  for   YOUR  data?     THINK  AGAIN…   ®  
The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy    Stengart  v.  Loving  Care  Agency,  Inc.,  990  A.2d  650  (2010)   company  policy  claiming  it  owned  all  informaBon  on  its   computers  NOT  enough  to  permit  retenBon  of  aKorney-­‐client   privileged  emails    N.J.  Appellate  Division  reversed  Superior  Court’s  order     ordered  employer  and  its  counsel  to  turn  over  ALL  email   communicaBons  between  plainBff  and  her  counsel  AND  delete   same  for  hard  drives     Ordered  hearing  on  sancBons    Point:  aKorney-­‐client  privilege  “substanBally  outweigh[s]”   employer’s  enforcement  of  its  own  policies     ®  
The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy    City  of  Ontario  v.  Quon,  130  S.Ct.2619  (2010)  –  9-­‐0  decision   holding  City  did  NOT  violate  police  employees’  4th   Amendment  rights  by  searching  text  messages  on  city-­‐owned   pagers      SCOTUS  rev’d  9th  Circuit     found  search  to  be  “reasonable”  because    moBvated  by   legiBmate  work-­‐related  purpose  &  not  excessive  in  scope     Rejected  9th  Circuit’s  “least  intrusive”  means  approach  (i.e.  use   less  intrusive  methods  to  determine  proper  use  of  pagers)    BUT…did  not  address  employee  privacy  expectaBons   when  using  employer  computers   ®  
The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Compliance  with  privacy  and  security  laws  and   regulaBons  no  longer  a  domes-c  maGer       Trans-­‐border  flow  of  private  informaBon  may  trigger  obligaBons     U.S.  laws  far  LESS  restricBve  than  other  countries  (parBcularly  the   European  Union)     Liability  for  breach  depends  upon  who  controls  the  data   versus  mere  data  processors     Many  data  privacy  laws  pre-­‐date  cloud  compuBng  capability   ®  
The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Some  DomesBc  ConsideraBons:   •  •  •  •  •  Graham  Leach  Bliley  Act  -­‐  Financial  insBtuBons  must  have  policies/ procedures  in  place  to  protect  “non-­‐public  personal  financial   informaBon”  from  improper  disclosure   HIPAA/HITECH  Act  –  “Covered  enBBes”  required  to  noBfy  affected   persons  of  breach  of  unencrypted  “personal  health  informaBon”   FTC  Safeguards  Rule  –  Financial  insBtuBons  required  to  have    wriKen   security  plan  regarding  customer’s  private  informaBon   FTC  Red  Flags  Rule  –  InsBtuBons  holding  credit  accounts  must  have   wriKen  idenBty  theQ  program   Stored  CommunicaBons  Act  -­‐  protecBon  from  disclosure  for  emails  and   other  private  data  that  are  in  such  electronic  storage   ®  
The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Some  InternaBonal  ConsideraBons   •  EU  Data  ProtecBon  DirecBve  95/46/EC  –  no  transfer  of  data  to   countries  OUTSIDE  the  EU  unless  they  offer  an  “adequate  level  of   protecBon”  OR  where  excep-ons  apply...like  the  U.S.  Safe  Harbor  List   •  U.S.  Department  of  Commerce  negoBated  a  safe  harbor  framework   with  the  European  Commission  to  “bridge”  differences  in  privacy   protecBon  with  EU  member  states   •  CerBfying  to  the  “safe  harbor”  will  assure  that  EU  organizaBons  know   that  your  company  provides  "adequate"  privacy  protecBon   ®  
The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     MUST  understand  the  CSP  operaBonal  model  to  facilitate   compliance  with  applicable  privacy  and  security  laws/ regulaBons  (especially  interna-onally  stored  data)     REVIEW  CSP  privacy  policy  AND  security  procedures  for   conBnuity  with  exisBng  company  procedures  &  guidelines  (i.e.   audit/reporBng  requirements,  security  breach  noBficaBons)     IDENTIFY  and  SPECIFY  data  security  controls  at  the  soQware   level  (i.e.  encrypBon,  firewalls),  as  well  as  physical  security   ®  
The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     Different  contractual  consideraBons  from   outsourcing  model   •  •  •  LocaBon  of  service/data  NOT  fixed,  but  distributed   CSP  owns  the  technology,  NOT  the  user/company   Contracts  normally  NOT  negoBable     Risk  allocaBon  far  more  difficult  to  address   •  •  •  No  tradiBonal  soQware  “license”  –  is  an  access  model   LiKle  to  no  indemnity/infringement  protecBon  from  CSP   LimitaBon  of  liability  may  not  cover  anBcipated  risk   ®  
   The  Legal  ConsideraBons  in  Cloud  CompuBng:       Contractual  ConsideraBons   Don’t  think  third  parBes  are  “looking”?    THINK  AGAIN…   “Just  as  a  sender  of  a  leKer  to  a  business  colleague  cannot  be  surprised   that  the  recipient’s  assistant  opens  the  leKer,  people  who  use  web-­‐based   email  today  cannot  be  surprised  if  their  communica9ons  are  processed   by  the  recipient’s  ECS  provider  in  the  course  of  delivery.  Indeed,  “a   person  has  no  legi9mate  expecta9on  of  privacy  in  informa9on  he   voluntarily  turns  over  to  third  par9es.”  Smith  v.  Maryland,  442  U.S.  735,   743-­‐44  (1979).”  (emphasis  added)   Google  MoBon  to  Dismiss,  In  re  Google  Gmail  Li-ga-on,  Case  No.  5:13-­‐ md-­‐02430-­‐LHK  (N.D.  Ca.)   ®  
The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     JurisdicBon   •  Governing  law/Venue  always  favors  the  CSP     LimitaBons  of  Liability   •  Usually  no  liability  for  damages  whatsoever  (data   deleBon,  corrupBon,  failure  to  access,  etc.)     Limited  to  No  Warranty   •  •  “AS-­‐IS”  or  “as  available”   No  warranty  that  service  uninterrupted/error-­‐free  –   limited  to  SLA,  which  may  be  inadequate   ®  
The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     TerminaBon   •  •  •  CSPs  usually  reserve  right  to  terminate  unilaterally   Data  portability  in  event  of  terminaBon?  Avoid  “lock-­‐in”   What  is  CSP  goes  bankrupt?       Service  Level  Agreement  (“SLA”)   •  Usually  rely  upon  service  credits  in  event  of  specified   period  of  downBme,  BUT  credits  mean  liKle  when  the   service  is  down!     AudiBng/compliance?   ®  
   The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons   Google  Apps  Examples:   “Representa,ons.  …Google  warrants  that  it  will  provide  the  Services  in   accordance  with  the  applicable  SLA.”   “Disclaimers.  EXCEPT  AS  EXPRESSLY  PROVIDED  FOR  HEREIN,  NEITHER   PARTY  MAKES  ANY  OTHER  WARRANTY  OF  ANY  KIND,  WHETHER  EXPRESS,   IMPLIED,  STATUTORY  OR  OTHERWISE,  INCLUDING  WITHOUT  LIMITATION   WARRANTIES  OF  MERCHANTABILITY,  FITNESS  FOR  A  PARTICULAR  USE  AND   NONINFRINGEMENT.  GOOGLE  MAKES  NO  REPRESENTATIONS  ABOUT  ANY   CONTENT  OR  INFORMATION  MADE  ACCESSIBLE  BY  OR  THROUGH  THE   SERVICE.  THE  SERVICE  IS  NEITHER  DESIGNED  NOR  INTENDED  FOR  HIGH   RISK  ACTIVITIES.  CUSTOMER  ACKNOWLEDGES  THAT  THE  SERVICES  ARE  NOT   A  TELEPHONY  SERVICE  AND  THAT  THE  SERVICES  ARE  NOT  CAPABLE  OF   PLACING  OR  RECEIVING  ANY  CALLS,  INCLUDING  EMERGENCY  SERVICES   CALLS,  OVER  PUBLICLY  SWITCHED  TELEPHONE  NETWORKS.     ®  
   The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons    Google  Apps  Examples:    “Limita,on  on  Indirect  Liability.  NEITHER  PARTY  WILL  BE  LIABLE  UNDER  THIS     AGREEMENT  FOR  LOST  REVENUES  OR  INDIRECT,  SPECIAL,  INCIDENTAL,   CONSEQUENTIAL,  EXEMPLARY,  OR  PUNITIVE  DAMAGES,  EVEN  IF  THE  PARTY   KNEW  OR  SHOULD  HAVE  KNOWN  THAT  SUCH  DAMAGES  WERE  POSSIBLE  AND   EVEN  IF  DIRECT  DAMAGES  DO  NOT  SATISFY  A  REMEDY.”      “Limita,on  on  Amount  of  Liability.  NEITHER  PARTY  MAY  BE  HELD  LIABLE   UNDER  THIS  AGREEMENT  FOR  MORE  THAN  THE  AMOUNT  PAID  BY   CUSTOMER  TO  GOOGLE  DURING  THE  TWELVE  MONTHS  PRIOR  TO  THE  EVENT   GIVING  RISE  TO  LIABILITY.    “Governing  Law.  This  Agreement  is  governed  by  California  law,  excluding  that   state’s  choice  of  law  rules.  FOR  ANY  DISPUTE  RELATING  TO  THIS  AGREEMENT,   THE  PARTIES  CONSENT  TO  PERSONAL  JURISDICTION  IN,  AND  THE  EXCLUSIVE   VENUE  OF,  THE  COURTS  IN  SANTA  CLARA  COUNTY,  CALIFORNIA.  “   ®  
The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     MUST  take  CSP  operaBonal  model  into  consideraBon  to   address  specific  points  of  impact  and  allocate  risk  –  KNOW   the  3P  providers     REVIEW  service  levels/credits  with  a  wary  eye  –  may  NOT  be   enough  to  cover  for  impact  of  downBme  on  business     MUST  address  data  export  capabiliBes  and  ensure   compaBbility  with  business  conBnuity  and  DR  plan     NEGOTIATE…NEGOTIATE…NEGOTIATE!   ®  
Weather  Brewing  on  the  Horizon:   Intellectual  Property    Intellectual  property  rights  and  the  “cloud”  more   difficult  to  address:   •  No  tradiBonal  license  model   •  “Legacy”  systems/soQware  –  connecBvity  to  the   “cloud”  may  not  be  consistent  with  exisBng  licenses   •  Possible  fixaBon  issues  due  to  distributed  architecture    Evolving  technology  means  the  law  is  desperately   trying  to  catch-­‐up    Trade  secrets  issues  –  inconsistent  with  cloud  model?   ®  
Weather  Brewing  on  the  Horizon:   Intellectual  Property    Copyright   •  Remote  storage  DVR  system  held  not  to  be  a  violaBon  of   U.S.  copyright  law  (See  Cartoon  Network  LP,  LLLP  v.  CSC   Holdings,  Inc.,  536  F.3d  121  (2nd  Cir.  2008),  cert.  den’d  129   S.Ct.  2890  (2009))   •  Aereo  (retransmission  of  over-­‐the-­‐air  broadcasts  to  mobile   devices)   •  Digital  Entertainment  Content  Ecosystem  (DECE)  –  a.k.a.   “Ultraviolet”  -­‐    purchase  content  once,  then  view  in  many   formats  and  on  many  devices  from  cloud-­‐based  account   ®  
Weather  Brewing  on  the  Horizon:   Intellectual  Property            Trade  Secrets  –  protecBons  may  be  more  limited!   Trade  secret  informaBon  stored  in  the  cloud  may  be  subject  to  loopholes   that  permit  unauthorized  third-­‐party  disclosure.  See  Sherman  &  Co.  v.   Salton  Maxim  Housewares,  Inc.,  94  F.Supp.2d  817  (E.D.  Mich.  2000)   (holding  that  the  Stored  CommunicaBons  Act  only  prohibits  the   disclosure  of  stored  communicaBons  where  the  disclosing  party  provides   an  “electronic  communicaBon  service”,  and  a  person  who  does  not   provide  such  a  service  "can  disclose  or  use  with  impunity  the  contents  of   an  electronic  communicaBon  unlawfully  obtained  from  storage."  (citaBon   omiKed)).   ®  
Weather  Brewing  on  the  Horizon:   Intellectual  Property     MUST  determine  how  IP  “creators”  in  organizaBon   would  be  using  CSP  services  and  where  stored     REVIEW  any  legacy  system  Be-­‐in  to  cloud  for  license   compliance     RETHINK  placing  trade  secret  informaBon  within  the   cloud  –  law  is  evolving  here   ®  
Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon    Discovery  of  electronically  stored  informaBon  (“ESI”)   drama-cally  more  difficult  in  the  cloud   •  Data  preservaBon/integrity  hard  to  manage   •  Data  may  be  housed  in  mul-ple  countries   •  CSPs  may  use  3P  providers      JurisdicBonal  issues   •  Enforceability  –  mulBple  countries  vs.  governing  law   •  Country  where  data  is  resident  in  computer  facility  –   governmental  access?   ®  
Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon     PreservaBon  is  KEY   •  Unlike  outsourced  soluBons,  users  may  not  know  what   infrastructure  they  are  using  or  the  physical  locaBon  of   data   •  CSP  may  be  able  to  retrieve  the  data,  but  NOT  know  where   your  data  is  for  the  purpose  of  a  liBgaBon  hold   •  CSP  may  use  third-­‐party  service  providers  for  elements  of   services  provided  to  the  user,  exacerbaBng  the  issue     Courts  may  NOT  disBnguish  servers  in  the  “cloud”   from  ones  in  direct  possession   ®  
Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon     SpoliaBon   •  Cloud  infrastructure  increases  spoliaBon  risk   •  Where  CSPs  use  3P  providers  –  greater  danger     Data  Integrity   •  Data  at  rest  –  MUST  be  free  from  corrupBon   •  How  to  ensure  NO  CHANGE  to  data  upon  hold?     Standard  CSP  agreements  do  NOT  account  for   possibility  of  ESI  preservaBon  by  default   ®  
Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon    MUST  account  for  specific  CSP  model  and  viability  of   the  CSP  regarding  ability  to  comply  with  e-­‐discovery   and  liBgaBon  holds    DEMAND  accountability  for  handling  of  ESI   •  General  “cooperaBon”  clause   •  Acknowledge  compliance  with  liBgaBon  holds    STRONGLY  CONSIDER  a  separate  agreement   ®  
Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    Law  firm  use  of  CSPs  for  their  IT  needs  growing    ConsideraBons  are  more  delicate  for  law  firms  due  to   client  confidenBality  obligaBons,  privilege,  etc.    BoKom  line:  it  is  available,  but  is  it  ethical?   ®  
Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    Answer:    IT  DEPENDS    17  states  so  far:  Use  of  CSPs  for  storage  of  client  files  so  long   as  a  reasonable  standard  of  care  is  exercised,  BUT  differences:    Alabama,  Arizona,  California,  ConnecBcut,  Florida,  Iowa,  Maine,   MassachuseKs,  New  Hampshire,  New  Jersey,  Nevada,  New  York,  North   Carolina,  Oregon,  Pennsylvania,  Vermont  &  Virginia    BoKom  Line:        Use  DILIGENCE  and  COMPETENCE  exercising  reasonable  care    MUST  have  a  BASIC  understanding  of  the  technologies  used    Have  an  OBLIGATION  to  remain  current  on  the  technologies   ®  
Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    What  is  considered  a  “reasonable  standard  of  care”?     •  MUST  be  knowledgeable  about  CSP  handling  of  data     •  MUST  contract  with  CSP  to  preserve  confidenBality/security  of  data    Transposing  the  “reasonableness”  standard  from  “brick  &   mortar”  to  the  “cloud”  not  as  easy  as  you  may  think:   •  •  •  •  •  Security  –  client  confidenBality  requires  strong  contractual  protecBons   Backups  –  MUST  think  about  IaaS  infrastructure   Data  access  –  SLA  service  credit  should  NOT  be  sole  remedy   Portability  –  Transfer  of  data  in  event  of  terminaBon  crucial   Bankruptcy  of  CSP  –  how  to  account  for  possibility?   ®  
Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    USE  COMMON  SENSE   •  Understand  how  the  CSP  will  handle  the  data   •  Don’t  be  afraid  to  ask  quesBons  –  arguably  have  a  duty  TO   ask  them!   •  Security  should  cover  both  soQware  capabiliBes  AND   physical  faciliBes    BoKom  Line:  LET’S  BE  CAREFUL  OUT  THERE!…   ®  
“Partly Sunny with a Chance of Rain”: Forecasting the Legal Issues in Cloud Computing   Q  &  A                                          Email:  tom.kulik@solidcounsel.com            LinkedIn:  hKp://www.linkedin.com/in/tkulik            TwiKer:  @LegaIntangibls            Google+:  hKp://gplus.to/TomKulik              Blog:  hKp://www.legalintangibles.com   ®  

Recomendados

Teja pp matter
Teja pp matterTeja pp matter
Teja pp matter9505567198
 
Jagadeesha kulal J - Cloud computing
Jagadeesha kulal J - Cloud computing Jagadeesha kulal J - Cloud computing
Jagadeesha kulal J - Cloud computing JAGADEESHA KULAL J
 
Cloud computing
Cloud computingCloud computing
Cloud computingPrince Shrivastava
 
Cloud computing course and tutorials
Cloud computing course and tutorialsCloud computing course and tutorials
Cloud computing course and tutorialsUdara Sandaruwan
 
Cloud computing applicatio
Cloud computing applicatioCloud computing applicatio
Cloud computing applicatioChetan Sontakke
 
CLOUD COMPUTING
CLOUD COMPUTINGCLOUD COMPUTING
CLOUD COMPUTINGobinna onwuemelu
 
Cloud computing white paper
Cloud computing white paperCloud computing white paper
Cloud computing white paperVaneesh Bahl
 
Cloud computing.pptx
Cloud computing.pptxCloud computing.pptx
Cloud computing.pptxProfRajivKumarShobhi
 

Recomendados

Teja pp matter
Teja pp matterTeja pp matter
Teja pp matter9505567198
 
Jagadeesha kulal J - Cloud computing
Jagadeesha kulal J - Cloud computing Jagadeesha kulal J - Cloud computing
Jagadeesha kulal J - Cloud computing JAGADEESHA KULAL J
 
Cloud computing
Cloud computingCloud computing
Cloud computingPrince Shrivastava
 
Cloud computing course and tutorials
Cloud computing course and tutorialsCloud computing course and tutorials
Cloud computing course and tutorialsUdara Sandaruwan
 
Cloud computing applicatio
Cloud computing applicatioCloud computing applicatio
Cloud computing applicatioChetan Sontakke
 
CLOUD COMPUTING
CLOUD COMPUTINGCLOUD COMPUTING
CLOUD COMPUTINGobinna onwuemelu
 
Cloud computing white paper
Cloud computing white paperCloud computing white paper
Cloud computing white paperVaneesh Bahl
 
Cloud computing.pptx
Cloud computing.pptxCloud computing.pptx
Cloud computing.pptxProfRajivKumarShobhi
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computingvishnu varunan
 
webiOS
webiOSwebiOS
webiOSMayur Ahir
 
Cloud Computing By Pankaj Sharma
Cloud Computing By Pankaj SharmaCloud Computing By Pankaj Sharma
Cloud Computing By Pankaj SharmaRanjan Kumar
 
cloud computing documentation
cloud computing documentationcloud computing documentation
cloud computing documentationshilpa bojji
 
Demystifying Cloud Computing
Demystifying Cloud Computing Demystifying Cloud Computing
Demystifying Cloud Computing Fazle Abbas Luqmani
 
Demystifying the cloud
Demystifying the cloudDemystifying the cloud
Demystifying the cloudDean Bonehill ♠Technology for Business♠
 
Cloud computing
Cloud computingCloud computing
Cloud computingJawhar Ali
 
Data Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingData Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingCloud Legal Project
 
Cloud computing 1
Cloud computing 1Cloud computing 1
Cloud computing 1Sagar Kumar
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computingvishnu varunan
 
Cloud computing for enterprise
Cloud computing for enterpriseCloud computing for enterprise
Cloud computing for enterprisePravin Asar
 
Cloud computing: identifying and managing legal risks
Cloud computing: identifying and managing legal risksCloud computing: identifying and managing legal risks
Cloud computing: identifying and managing legal risksCloud Legal Project
 
Introduction of cloud By Pawan Thakur
Introduction of cloud By Pawan ThakurIntroduction of cloud By Pawan Thakur
Introduction of cloud By Pawan ThakurGovt. P.G. College Dharamshala
 
Cloud computing
Cloud computingCloud computing
Cloud computingNEHA GAUTAM
 
Introduction of Cloud Computing By Pawan Thakur HOD CS & IT
Introduction of Cloud Computing By Pawan Thakur HOD CS & ITIntroduction of Cloud Computing By Pawan Thakur HOD CS & IT
Introduction of Cloud Computing By Pawan Thakur HOD CS & ITGovt. P.G. College Dharamshala
 
Cloud computing
Cloud computingCloud computing
Cloud computingKshitij Mittal
 
About Cloud Computing
About Cloud ComputingAbout Cloud Computing
About Cloud ComputingNaman Talati
 
Cloud Computing Documentation Report
Cloud Computing Documentation ReportCloud Computing Documentation Report
Cloud Computing Documentation ReportUsman Sait
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computingTilani Gunawardena PhD(UNIBAS), BSc(Pera), FHEA(UK), CEng, MIESL
 
Cloud computing
Cloud computingCloud computing
Cloud computingmaheshwari gannerla
 
Privacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal SectorPrivacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal SectorLew Oleinick
 
Fault Tolerance in AWS Distributed Cloud Computing
Fault Tolerance in AWS Distributed Cloud ComputingFault Tolerance in AWS Distributed Cloud Computing
Fault Tolerance in AWS Distributed Cloud ComputingCaner KAYA
 

Mais conteúdo relacionado

Mais procurados

Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computingvishnu varunan
 
Cloud Computing By Pankaj Sharma
Cloud Computing By Pankaj SharmaCloud Computing By Pankaj Sharma
Cloud Computing By Pankaj SharmaRanjan Kumar
 
cloud computing documentation
cloud computing documentationcloud computing documentation
cloud computing documentationshilpa bojji
 
Cloud computing
Cloud computingCloud computing
Cloud computingJawhar Ali
 
Data Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingData Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingCloud Legal Project
 
Cloud computing 1
Cloud computing 1Cloud computing 1
Cloud computing 1Sagar Kumar
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computingvishnu varunan
 
Cloud computing for enterprise
Cloud computing for enterpriseCloud computing for enterprise
Cloud computing for enterprisePravin Asar
 
Cloud computing: identifying and managing legal risks
Cloud computing: identifying and managing legal risksCloud computing: identifying and managing legal risks
Cloud computing: identifying and managing legal risksCloud Legal Project
 
Introduction of Cloud Computing By Pawan Thakur HOD CS & IT
Introduction of Cloud Computing By Pawan Thakur HOD CS & ITIntroduction of Cloud Computing By Pawan Thakur HOD CS & IT
Introduction of Cloud Computing By Pawan Thakur HOD CS & ITGovt. P.G. College Dharamshala
 
About Cloud Computing
About Cloud ComputingAbout Cloud Computing
About Cloud ComputingNaman Talati
 
Cloud Computing Documentation Report
Cloud Computing Documentation ReportCloud Computing Documentation Report
Cloud Computing Documentation ReportUsman Sait
 

Mais procurados (20)

Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computing
 
webiOS
webiOSwebiOS
webiOS
 
Cloud Computing By Pankaj Sharma
Cloud Computing By Pankaj SharmaCloud Computing By Pankaj Sharma
Cloud Computing By Pankaj Sharma
 
cloud computing documentation
cloud computing documentationcloud computing documentation
cloud computing documentation
 
Demystifying Cloud Computing
Demystifying Cloud Computing Demystifying Cloud Computing
Demystifying Cloud Computing
 
Demystifying the cloud
Demystifying the cloudDemystifying the cloud
Demystifying the cloud
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Data Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingData Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud Computing
 
Cloud computing 1
Cloud computing 1Cloud computing 1
Cloud computing 1
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computing
 
Cloud computing for enterprise
Cloud computing for enterpriseCloud computing for enterprise
Cloud computing for enterprise
 
Cloud computing: identifying and managing legal risks
Cloud computing: identifying and managing legal risksCloud computing: identifying and managing legal risks
Cloud computing: identifying and managing legal risks
 
Introduction of cloud By Pawan Thakur
Introduction of cloud By Pawan ThakurIntroduction of cloud By Pawan Thakur
Introduction of cloud By Pawan Thakur
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Introduction of Cloud Computing By Pawan Thakur HOD CS & IT
Introduction of Cloud Computing By Pawan Thakur HOD CS & ITIntroduction of Cloud Computing By Pawan Thakur HOD CS & IT
Introduction of Cloud Computing By Pawan Thakur HOD CS & IT
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
About Cloud Computing
About Cloud ComputingAbout Cloud Computing
About Cloud Computing
 
Cloud Computing Documentation Report
Cloud Computing Documentation ReportCloud Computing Documentation Report
Cloud Computing Documentation Report
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 

Semelhante a Legal Issues in Cloud Computing

Privacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal SectorPrivacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal SectorLew Oleinick
 
Fault Tolerance in AWS Distributed Cloud Computing
Fault Tolerance in AWS Distributed Cloud ComputingFault Tolerance in AWS Distributed Cloud Computing
Fault Tolerance in AWS Distributed Cloud ComputingCaner KAYA
 
Cloud computing – An Overview
Cloud computing – An OverviewCloud computing – An Overview
Cloud computing – An OverviewKannan Subbiah
 
Cloud Computing : Revised Presentation
Cloud Computing : Revised PresentationCloud Computing : Revised Presentation
Cloud Computing : Revised PresentationMayank Aggarwal
 
Cloud computing
Cloud computingCloud computing
Cloud computingsuraj1536
 
Comparative study of Data management for cloud computing deployment
Comparative study of Data management for cloud computing deploymentComparative study of Data management for cloud computing deployment
Comparative study of Data management for cloud computing deploymentAkanksha Chandel
 
Cloud Computing Made Easy
Cloud Computing Made EasyCloud Computing Made Easy
Cloud Computing Made EasyMayank Aggarwal
 
Cloud computing
Cloud computingCloud computing
Cloud computingRam Mohan
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computingnitinw25
 
Moving to cloud computing step by step linthicum
Moving to cloud computing step by step linthicumMoving to cloud computing step by step linthicum
Moving to cloud computing step by step linthicumDavid Linthicum
 
Distributed Computing - Cloud Computing and Other Buzzwords: Implications for...
Distributed Computing - Cloud Computing and Other Buzzwords: Implications for...Distributed Computing - Cloud Computing and Other Buzzwords: Implications for...
Distributed Computing - Cloud Computing and Other Buzzwords: Implications for...Mark Conrad
 

Semelhante a Legal Issues in Cloud Computing (20)

Privacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal SectorPrivacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal Sector
 
Fault Tolerance in AWS Distributed Cloud Computing
Fault Tolerance in AWS Distributed Cloud ComputingFault Tolerance in AWS Distributed Cloud Computing
Fault Tolerance in AWS Distributed Cloud Computing
 
Cloud computing ppts
Cloud computing pptsCloud computing ppts
Cloud computing ppts
 
Understanding Cloud Computing
Understanding Cloud ComputingUnderstanding Cloud Computing
Understanding Cloud Computing
 
cloud computing
cloud computingcloud computing
cloud computing
 
Cloud computing ppts
Cloud computing pptsCloud computing ppts
Cloud computing ppts
 
Cloud computing – An Overview
Cloud computing – An OverviewCloud computing – An Overview
Cloud computing – An Overview
 
CC01.pptx
CC01.pptxCC01.pptx
CC01.pptx
 
Cloud Computing : Revised Presentation
Cloud Computing : Revised PresentationCloud Computing : Revised Presentation
Cloud Computing : Revised Presentation
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Comparative study of Data management for cloud computing deployment
Comparative study of Data management for cloud computing deploymentComparative study of Data management for cloud computing deployment
Comparative study of Data management for cloud computing deployment
 
Cloud Computing Made Easy
Cloud Computing Made EasyCloud Computing Made Easy
Cloud Computing Made Easy
 
CompTIA Cloud Plus Certification Bootcamp June 2017
CompTIA Cloud Plus Certification Bootcamp June 2017CompTIA Cloud Plus Certification Bootcamp June 2017
CompTIA Cloud Plus Certification Bootcamp June 2017
 
Sami-Cloud
Sami-CloudSami-Cloud
Sami-Cloud
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Moving to cloud computing step by step linthicum
Moving to cloud computing step by step linthicumMoving to cloud computing step by step linthicum
Moving to cloud computing step by step linthicum
 
Distributed Computing - Cloud Computing and Other Buzzwords: Implications for...
Distributed Computing - Cloud Computing and Other Buzzwords: Implications for...Distributed Computing - Cloud Computing and Other Buzzwords: Implications for...
Distributed Computing - Cloud Computing and Other Buzzwords: Implications for...
 

Último

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Último (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Legal Issues in Cloud Computing

  • 1. “Partly Sunny with a Chance of Rain II”: Forecasting the Legal Issues in Cloud Computing by: Thomas A. Kulik Chairman, Dallas Bar Association Computer Law Section Partner, Scheef & Stone, L.L.P. Dallas Bar Association – Computer Law Section October 28, 2013   ®  
  • 2. About  the  Presenter   Tom  Kulik  is  a  Partner  in  Scheef  &  Stone,  L.L.P.  out  of  its  headquarters  in   Dallas,  Texas,  as  well  as  Chairman  of  the  Dallas  Bar  AssociaBon  Computer  Law   SecBon.    With  a  deep  understanding  of  how  intellectual  property  assets   influence  business,  he  leverages  20  years  of  law  pracBce  with  prior  industry   experience,  strategically  counseling  clients  on  maKers  involving  the   evaluaBon,  acquisiBon,  development  and  protecBon  of  intellectual  property   rights,  with  an  emphasis  on  creaBvely  leveraging  such  assets  both   domesBcally  and  internaBonally.   Prior  to  matriculaBon  in  law  school,  he  was  an  award-­‐winning  systems   engineer  for  3Com  CorporaBon,  where  he  was  responsible  for  local  and  wide-­‐ area  network  architecture  and  design  supporBng  both  Fortune  500  and  start-­‐ up  companies  in  the  computer  services,  financial  and  pharmaceuBcal   industries.     Leveraging  this  industry  experience,  his  pracBce  focuses  on  intellectual   property  transacBons,  parBcularly  within  the  context  of  the  computer   soQware,  emerging  Internet  technologies  and  e-­‐commerce,  and  includes  an   extensive  trademark  preparaBon  and  prosecuBon  pracBce  and  aKendant   intellectual  property  liBgaBon.   ®  
  • 3. What  is  the  “Cloud”?...   ®  
  • 4. …and  What  is  “Cloud  CompuBng”?   “SaaS”            “PaaS”   “IaaS”   ®  
  • 5.    “Cloud  CompuBng”  –  A  Hazy  Phrase   for  a  Foggy  (Evolving)  Concept   “As  a  metaphor  for  the  Internet,  "the  cloud"  is  a   familiar  cliché,  but  when  combined  with   "compuBng,"  the  meaning  gets  bigger  and  fuzzier… [but  essenBally]  encompasses  any  subscripBon-­‐ based  or  pay-­‐per-­‐use  service    that,  in  real  Bme  over   the  Internet,  extends  IT's  exisBng  capabiliBes.”    What  Cloud  Compu-ng  Really  Means,  Eric  Knor  &  Galen  Gruman,  InfoWorld,  2009   ®  
  • 6. “Cloud  CompuBng”  DefiniBon  –  The  NaBonal   InsBtute  of  Standards  and  Technology            “Cloud  compuBng  is  a  model  for  enabling  convenient,  on-­‐ demand  network  access  to  a  shared  pool  of  configurable   compuBng  resources  (e.g.,  networks,  servers,  storage,   applicaBons,  and  services)  that  can  be  rapidly  provisioned   and  released  with  minimal  management  effort  or  service   provider  interacBon.  This  cloud  model  promotes  availability   and  is  composed  of  five  essen-al  characteris-cs,  three   service  models,  and  four  deployment  models.”        The  NIST  Defini,on  of  Cloud  Compu,ng,  Peter  Mell  and  Tim  Grance,  Version  15,  October  7,  2009   ®  
  • 7.        “Cloud  CompuBng”-­‐  EssenBal  CharacterisBcs   •  On-­‐demand  self-­‐service  –  unilateral  and  automaBc   provisioning  of  a  user’s  compuBng  needs   •  Broad  network  access  –  services  available  through  the   network  to  cellphones,  PDAs,  laptops,  iPads,  etc.     •  Resource  pooling  –  dynamic  assignment  of  physical  and   virtual  compuBng  resources   •  Rapid  elas9city  –  quick  scale-­‐out/scale-­‐in  –  seamless  and   seemingly  unlimited  to  the  user   •  Measured  Service  –  automaBc  control  to  opBmize   management  of  resources  (storage,  processing,   bandwidth,  accounts)   ®  
  • 8. “Cloud  CompuBng”  –  Service  Models    So7ware-­‐as-­‐a-­‐Service  (“SaaS”)   •  External  soQware  hosBng  in  a  cloud  infrastructure    PlaDorm-­‐as-­‐a-­‐Service  (“PaaS”)   •  Think  “SaaS-­‐plus”  –  compuBng  plamorm  and  “soluBon   stack”  for  building  and  running  custom  applicaBons  by  the   user        Infrastructure-­‐as-­‐a-­‐Service  (“IaaS”)   •  Data  processing,  storage,  network  and  other  fundamental   compuBng  resources  in  cloud  infrastructure   ®  
  • 9. Examples  of  Cloud  Services  from  Cloud   Service  Providers”  (“CSPs”)    Infrastructure-­‐as-­‐a-­‐Service  (“IaaS”)   •  Amazon  ElasBc  Compute  Cloud  (EC2),  Amazon  S3,   Rackspace    So7ware-­‐as-­‐a-­‐Service  (“SaaS”)   •  Apple  iCloud,  Google  Apps,  Facebook  ApplicaBons    PlaDorm-­‐as-­‐a-­‐Service  (“PaaS”)   •  Salesforce  AppExchange,  Google  AppExchange   ®  
  • 10. “Cloud  CompuBng”  –  Deployment  Models     Private  Cloud     Used  solely  by/operated  solely  for  the  organizaBon     Community  Cloud     Used  by/operated  for  mulBple  organizaBons  Bed  to  a  “specific   community”  with  “shared  concerns”     Public  Cloud     Owned  by  CSP  providing  cloud  services  to  the  public     Hybrid  Cloud     ComposiBon  of  2  or  more  disBnct  clouds  “bound  together  by   standardized  or  proprietary  technology  that  enables  data  and   applicaBon  portability”     ®  
  • 11.    “Cloud  CompuBng”  –  DefiniBon  in  a  Nutshell          A  fully-­‐scalable  service  for  processing  and  storing   data  using  third-­‐party  shared  resources,  soQware   and  informaBon  accessible  over  a  network  (i.e.  the   Internet),  and  provided  to  computers  and  other   devices  on-­‐demand:     Usually  subscripBon-­‐based     May  be  pay-­‐per-­‐use     Even  free!   ®  
  • 12. Why  the  Cloud  Model?     A  “Perfect  Storm”     •  Economics  -­‐  IT  capital  cost  pressures  pushing  for  beKer   ROI   •  More  for  Less  -­‐  Technological  InnovaBon  is  permipng:   »  BeKer  communicaBons  bandwidth  availability   »  Improved  microprocessor/bus  speeds   »  Increased  storage  capabiliBes   •  “Virtualiza,on”  –  easier  for  CSPs  to  maximize   infrastructure  for  the  services  provided  and  offload  much   IT  management   ®  
  • 13. The  Legal  ConsideraBons  in  Cloud   CompuBng:    More  Than  A  Drizzle…     Security  &  Privacy     Contractual  ConsideraBons     Intellectual  Property     E-­‐Discovery  &  LiBgaBon     Ethical  ConsideraBons  for  Lawyers   ®  
  • 14. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Data  in  the  “Cloud”  harder  to  protect   •  •  •  Is  a  “mulB-­‐tenant”  architecture  –  data  stored  on  a  virtual  server  that   shares  same  physical  server  with  other  virtual  servers   Security  dependent  upon  configuraBon  of  the  virtual  servers  and  API   vulnerabiliBes   Geographic  distribuBon  concerns  –  the  “cloud”  knows  no  boundaries     Breach  harder  to  detect  &  manage   •  •  •  CSP  may  use  third-­‐party  providers  for  elements  of  the  service   Audit  trail  across  mulBple  plamorms  not  necessarily  integrated   Geographic  distribuBon  concerns  remain   ®  
  • 15. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy   Think  that  3rd   parBes  are  not   looking  for   YOUR  data?     THINK  AGAIN…   ®  
  • 16. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy    Stengart  v.  Loving  Care  Agency,  Inc.,  990  A.2d  650  (2010)   company  policy  claiming  it  owned  all  informaBon  on  its   computers  NOT  enough  to  permit  retenBon  of  aKorney-­‐client   privileged  emails    N.J.  Appellate  Division  reversed  Superior  Court’s  order     ordered  employer  and  its  counsel  to  turn  over  ALL  email   communicaBons  between  plainBff  and  her  counsel  AND  delete   same  for  hard  drives     Ordered  hearing  on  sancBons    Point:  aKorney-­‐client  privilege  “substanBally  outweigh[s]”   employer’s  enforcement  of  its  own  policies     ®  
  • 17. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy    City  of  Ontario  v.  Quon,  130  S.Ct.2619  (2010)  –  9-­‐0  decision   holding  City  did  NOT  violate  police  employees’  4th   Amendment  rights  by  searching  text  messages  on  city-­‐owned   pagers      SCOTUS  rev’d  9th  Circuit     found  search  to  be  “reasonable”  because    moBvated  by   legiBmate  work-­‐related  purpose  &  not  excessive  in  scope     Rejected  9th  Circuit’s  “least  intrusive”  means  approach  (i.e.  use   less  intrusive  methods  to  determine  proper  use  of  pagers)    BUT…did  not  address  employee  privacy  expectaBons   when  using  employer  computers   ®  
  • 18. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Compliance  with  privacy  and  security  laws  and   regulaBons  no  longer  a  domes-c  maGer       Trans-­‐border  flow  of  private  informaBon  may  trigger  obligaBons     U.S.  laws  far  LESS  restricBve  than  other  countries  (parBcularly  the   European  Union)     Liability  for  breach  depends  upon  who  controls  the  data   versus  mere  data  processors     Many  data  privacy  laws  pre-­‐date  cloud  compuBng  capability   ®  
  • 19. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Some  DomesBc  ConsideraBons:   •  •  •  •  •  Graham  Leach  Bliley  Act  -­‐  Financial  insBtuBons  must  have  policies/ procedures  in  place  to  protect  “non-­‐public  personal  financial   informaBon”  from  improper  disclosure   HIPAA/HITECH  Act  –  “Covered  enBBes”  required  to  noBfy  affected   persons  of  breach  of  unencrypted  “personal  health  informaBon”   FTC  Safeguards  Rule  –  Financial  insBtuBons  required  to  have    wriKen   security  plan  regarding  customer’s  private  informaBon   FTC  Red  Flags  Rule  –  InsBtuBons  holding  credit  accounts  must  have   wriKen  idenBty  theQ  program   Stored  CommunicaBons  Act  -­‐  protecBon  from  disclosure  for  emails  and   other  private  data  that  are  in  such  electronic  storage   ®  
  • 20. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Some  InternaBonal  ConsideraBons   •  EU  Data  ProtecBon  DirecBve  95/46/EC  –  no  transfer  of  data  to   countries  OUTSIDE  the  EU  unless  they  offer  an  “adequate  level  of   protecBon”  OR  where  excep-ons  apply...like  the  U.S.  Safe  Harbor  List   •  U.S.  Department  of  Commerce  negoBated  a  safe  harbor  framework   with  the  European  Commission  to  “bridge”  differences  in  privacy   protecBon  with  EU  member  states   •  CerBfying  to  the  “safe  harbor”  will  assure  that  EU  organizaBons  know   that  your  company  provides  "adequate"  privacy  protecBon   ®  
  • 21. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     MUST  understand  the  CSP  operaBonal  model  to  facilitate   compliance  with  applicable  privacy  and  security  laws/ regulaBons  (especially  interna-onally  stored  data)     REVIEW  CSP  privacy  policy  AND  security  procedures  for   conBnuity  with  exisBng  company  procedures  &  guidelines  (i.e.   audit/reporBng  requirements,  security  breach  noBficaBons)     IDENTIFY  and  SPECIFY  data  security  controls  at  the  soQware   level  (i.e.  encrypBon,  firewalls),  as  well  as  physical  security   ®  
  • 22. The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     Different  contractual  consideraBons  from   outsourcing  model   •  •  •  LocaBon  of  service/data  NOT  fixed,  but  distributed   CSP  owns  the  technology,  NOT  the  user/company   Contracts  normally  NOT  negoBable     Risk  allocaBon  far  more  difficult  to  address   •  •  •  No  tradiBonal  soQware  “license”  –  is  an  access  model   LiKle  to  no  indemnity/infringement  protecBon  from  CSP   LimitaBon  of  liability  may  not  cover  anBcipated  risk   ®  
  • 23.    The  Legal  ConsideraBons  in  Cloud  CompuBng:       Contractual  ConsideraBons   Don’t  think  third  parBes  are  “looking”?    THINK  AGAIN…   “Just  as  a  sender  of  a  leKer  to  a  business  colleague  cannot  be  surprised   that  the  recipient’s  assistant  opens  the  leKer,  people  who  use  web-­‐based   email  today  cannot  be  surprised  if  their  communica9ons  are  processed   by  the  recipient’s  ECS  provider  in  the  course  of  delivery.  Indeed,  “a   person  has  no  legi9mate  expecta9on  of  privacy  in  informa9on  he   voluntarily  turns  over  to  third  par9es.”  Smith  v.  Maryland,  442  U.S.  735,   743-­‐44  (1979).”  (emphasis  added)   Google  MoBon  to  Dismiss,  In  re  Google  Gmail  Li-ga-on,  Case  No.  5:13-­‐ md-­‐02430-­‐LHK  (N.D.  Ca.)   ®  
  • 24. The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     JurisdicBon   •  Governing  law/Venue  always  favors  the  CSP     LimitaBons  of  Liability   •  Usually  no  liability  for  damages  whatsoever  (data   deleBon,  corrupBon,  failure  to  access,  etc.)     Limited  to  No  Warranty   •  •  “AS-­‐IS”  or  “as  available”   No  warranty  that  service  uninterrupted/error-­‐free  –   limited  to  SLA,  which  may  be  inadequate   ®  
  • 25. The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     TerminaBon   •  •  •  CSPs  usually  reserve  right  to  terminate  unilaterally   Data  portability  in  event  of  terminaBon?  Avoid  “lock-­‐in”   What  is  CSP  goes  bankrupt?       Service  Level  Agreement  (“SLA”)   •  Usually  rely  upon  service  credits  in  event  of  specified   period  of  downBme,  BUT  credits  mean  liKle  when  the   service  is  down!     AudiBng/compliance?   ®  
  • 26.    The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons   Google  Apps  Examples:   “Representa,ons.  …Google  warrants  that  it  will  provide  the  Services  in   accordance  with  the  applicable  SLA.”   “Disclaimers.  EXCEPT  AS  EXPRESSLY  PROVIDED  FOR  HEREIN,  NEITHER   PARTY  MAKES  ANY  OTHER  WARRANTY  OF  ANY  KIND,  WHETHER  EXPRESS,   IMPLIED,  STATUTORY  OR  OTHERWISE,  INCLUDING  WITHOUT  LIMITATION   WARRANTIES  OF  MERCHANTABILITY,  FITNESS  FOR  A  PARTICULAR  USE  AND   NONINFRINGEMENT.  GOOGLE  MAKES  NO  REPRESENTATIONS  ABOUT  ANY   CONTENT  OR  INFORMATION  MADE  ACCESSIBLE  BY  OR  THROUGH  THE   SERVICE.  THE  SERVICE  IS  NEITHER  DESIGNED  NOR  INTENDED  FOR  HIGH   RISK  ACTIVITIES.  CUSTOMER  ACKNOWLEDGES  THAT  THE  SERVICES  ARE  NOT   A  TELEPHONY  SERVICE  AND  THAT  THE  SERVICES  ARE  NOT  CAPABLE  OF   PLACING  OR  RECEIVING  ANY  CALLS,  INCLUDING  EMERGENCY  SERVICES   CALLS,  OVER  PUBLICLY  SWITCHED  TELEPHONE  NETWORKS.     ®  
  • 27.    The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons    Google  Apps  Examples:    “Limita,on  on  Indirect  Liability.  NEITHER  PARTY  WILL  BE  LIABLE  UNDER  THIS     AGREEMENT  FOR  LOST  REVENUES  OR  INDIRECT,  SPECIAL,  INCIDENTAL,   CONSEQUENTIAL,  EXEMPLARY,  OR  PUNITIVE  DAMAGES,  EVEN  IF  THE  PARTY   KNEW  OR  SHOULD  HAVE  KNOWN  THAT  SUCH  DAMAGES  WERE  POSSIBLE  AND   EVEN  IF  DIRECT  DAMAGES  DO  NOT  SATISFY  A  REMEDY.”      “Limita,on  on  Amount  of  Liability.  NEITHER  PARTY  MAY  BE  HELD  LIABLE   UNDER  THIS  AGREEMENT  FOR  MORE  THAN  THE  AMOUNT  PAID  BY   CUSTOMER  TO  GOOGLE  DURING  THE  TWELVE  MONTHS  PRIOR  TO  THE  EVENT   GIVING  RISE  TO  LIABILITY.    “Governing  Law.  This  Agreement  is  governed  by  California  law,  excluding  that   state’s  choice  of  law  rules.  FOR  ANY  DISPUTE  RELATING  TO  THIS  AGREEMENT,   THE  PARTIES  CONSENT  TO  PERSONAL  JURISDICTION  IN,  AND  THE  EXCLUSIVE   VENUE  OF,  THE  COURTS  IN  SANTA  CLARA  COUNTY,  CALIFORNIA.  “   ®  
  • 28. The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     MUST  take  CSP  operaBonal  model  into  consideraBon  to   address  specific  points  of  impact  and  allocate  risk  –  KNOW   the  3P  providers     REVIEW  service  levels/credits  with  a  wary  eye  –  may  NOT  be   enough  to  cover  for  impact  of  downBme  on  business     MUST  address  data  export  capabiliBes  and  ensure   compaBbility  with  business  conBnuity  and  DR  plan     NEGOTIATE…NEGOTIATE…NEGOTIATE!   ®  
  • 29. Weather  Brewing  on  the  Horizon:   Intellectual  Property    Intellectual  property  rights  and  the  “cloud”  more   difficult  to  address:   •  No  tradiBonal  license  model   •  “Legacy”  systems/soQware  –  connecBvity  to  the   “cloud”  may  not  be  consistent  with  exisBng  licenses   •  Possible  fixaBon  issues  due  to  distributed  architecture    Evolving  technology  means  the  law  is  desperately   trying  to  catch-­‐up    Trade  secrets  issues  –  inconsistent  with  cloud  model?   ®  
  • 30. Weather  Brewing  on  the  Horizon:   Intellectual  Property    Copyright   •  Remote  storage  DVR  system  held  not  to  be  a  violaBon  of   U.S.  copyright  law  (See  Cartoon  Network  LP,  LLLP  v.  CSC   Holdings,  Inc.,  536  F.3d  121  (2nd  Cir.  2008),  cert.  den’d  129   S.Ct.  2890  (2009))   •  Aereo  (retransmission  of  over-­‐the-­‐air  broadcasts  to  mobile   devices)   •  Digital  Entertainment  Content  Ecosystem  (DECE)  –  a.k.a.   “Ultraviolet”  -­‐    purchase  content  once,  then  view  in  many   formats  and  on  many  devices  from  cloud-­‐based  account   ®  
  • 31. Weather  Brewing  on  the  Horizon:   Intellectual  Property            Trade  Secrets  –  protecBons  may  be  more  limited!   Trade  secret  informaBon  stored  in  the  cloud  may  be  subject  to  loopholes   that  permit  unauthorized  third-­‐party  disclosure.  See  Sherman  &  Co.  v.   Salton  Maxim  Housewares,  Inc.,  94  F.Supp.2d  817  (E.D.  Mich.  2000)   (holding  that  the  Stored  CommunicaBons  Act  only  prohibits  the   disclosure  of  stored  communicaBons  where  the  disclosing  party  provides   an  “electronic  communicaBon  service”,  and  a  person  who  does  not   provide  such  a  service  "can  disclose  or  use  with  impunity  the  contents  of   an  electronic  communicaBon  unlawfully  obtained  from  storage."  (citaBon   omiKed)).   ®  
  • 32. Weather  Brewing  on  the  Horizon:   Intellectual  Property     MUST  determine  how  IP  “creators”  in  organizaBon   would  be  using  CSP  services  and  where  stored     REVIEW  any  legacy  system  Be-­‐in  to  cloud  for  license   compliance     RETHINK  placing  trade  secret  informaBon  within  the   cloud  –  law  is  evolving  here   ®  
  • 33. Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon    Discovery  of  electronically  stored  informaBon  (“ESI”)   drama-cally  more  difficult  in  the  cloud   •  Data  preservaBon/integrity  hard  to  manage   •  Data  may  be  housed  in  mul-ple  countries   •  CSPs  may  use  3P  providers      JurisdicBonal  issues   •  Enforceability  –  mulBple  countries  vs.  governing  law   •  Country  where  data  is  resident  in  computer  facility  –   governmental  access?   ®  
  • 34. Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon     PreservaBon  is  KEY   •  Unlike  outsourced  soluBons,  users  may  not  know  what   infrastructure  they  are  using  or  the  physical  locaBon  of   data   •  CSP  may  be  able  to  retrieve  the  data,  but  NOT  know  where   your  data  is  for  the  purpose  of  a  liBgaBon  hold   •  CSP  may  use  third-­‐party  service  providers  for  elements  of   services  provided  to  the  user,  exacerbaBng  the  issue     Courts  may  NOT  disBnguish  servers  in  the  “cloud”   from  ones  in  direct  possession   ®  
  • 35. Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon     SpoliaBon   •  Cloud  infrastructure  increases  spoliaBon  risk   •  Where  CSPs  use  3P  providers  –  greater  danger     Data  Integrity   •  Data  at  rest  –  MUST  be  free  from  corrupBon   •  How  to  ensure  NO  CHANGE  to  data  upon  hold?     Standard  CSP  agreements  do  NOT  account  for   possibility  of  ESI  preservaBon  by  default   ®  
  • 36. Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon    MUST  account  for  specific  CSP  model  and  viability  of   the  CSP  regarding  ability  to  comply  with  e-­‐discovery   and  liBgaBon  holds    DEMAND  accountability  for  handling  of  ESI   •  General  “cooperaBon”  clause   •  Acknowledge  compliance  with  liBgaBon  holds    STRONGLY  CONSIDER  a  separate  agreement   ®  
  • 37. Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    Law  firm  use  of  CSPs  for  their  IT  needs  growing    ConsideraBons  are  more  delicate  for  law  firms  due  to   client  confidenBality  obligaBons,  privilege,  etc.    BoKom  line:  it  is  available,  but  is  it  ethical?   ®  
  • 38. Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    Answer:    IT  DEPENDS    17  states  so  far:  Use  of  CSPs  for  storage  of  client  files  so  long   as  a  reasonable  standard  of  care  is  exercised,  BUT  differences:    Alabama,  Arizona,  California,  ConnecBcut,  Florida,  Iowa,  Maine,   MassachuseKs,  New  Hampshire,  New  Jersey,  Nevada,  New  York,  North   Carolina,  Oregon,  Pennsylvania,  Vermont  &  Virginia    BoKom  Line:        Use  DILIGENCE  and  COMPETENCE  exercising  reasonable  care    MUST  have  a  BASIC  understanding  of  the  technologies  used    Have  an  OBLIGATION  to  remain  current  on  the  technologies   ®  
  • 39. Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    What  is  considered  a  “reasonable  standard  of  care”?     •  MUST  be  knowledgeable  about  CSP  handling  of  data     •  MUST  contract  with  CSP  to  preserve  confidenBality/security  of  data    Transposing  the  “reasonableness”  standard  from  “brick  &   mortar”  to  the  “cloud”  not  as  easy  as  you  may  think:   •  •  •  •  •  Security  –  client  confidenBality  requires  strong  contractual  protecBons   Backups  –  MUST  think  about  IaaS  infrastructure   Data  access  –  SLA  service  credit  should  NOT  be  sole  remedy   Portability  –  Transfer  of  data  in  event  of  terminaBon  crucial   Bankruptcy  of  CSP  –  how  to  account  for  possibility?   ®  
  • 40. Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    USE  COMMON  SENSE   •  Understand  how  the  CSP  will  handle  the  data   •  Don’t  be  afraid  to  ask  quesBons  –  arguably  have  a  duty  TO   ask  them!   •  Security  should  cover  both  soQware  capabiliBes  AND   physical  faciliBes    BoKom  Line:  LET’S  BE  CAREFUL  OUT  THERE!…   ®  
  • 41. “Partly Sunny with a Chance of Rain”: Forecasting the Legal Issues in Cloud Computing   Q  &  A                                          Email:  tom.kulik@solidcounsel.com            LinkedIn:  hKp://www.linkedin.com/in/tkulik            TwiKer:  @LegaIntangibls            Google+:  hKp://gplus.to/TomKulik              Blog:  hKp://www.legalintangibles.com   ®