Soumettre la recherche
Mettre en ligne
Cloud Computing: What You Don't Know Can Hurt You
•
1 j'aime
•
261 vues
Patrick Fowler
Suivre
An introduction to some of the legal issues surrounding cloud computing
Lire moins
Lire la suite
Technologie
Signaler
Partager
Signaler
Partager
1 sur 35
Télécharger maintenant
Télécharger pour lire hors ligne
Recommandé
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
J. David Morris
Iowa Weighs in on Ethics of Cloud Computing for Lawyers
Iowa Weighs in on Ethics of Cloud Computing for Lawyers
Nicole Black
2 7-2013-big data and e-discovery
2 7-2013-big data and e-discovery
Exterro
Trends in Law Practice Management – Calculating the Risks
Trends in Law Practice Management – Calculating the Risks
Nicole Garton
Ritz 4th-july-gdpr
Ritz 4th-july-gdpr
Exponential_e
Big Data & Privacy
Big Data & Privacy
Abzetdin Adamov
12th July GDPR event slides
12th July GDPR event slides
Exponential_e
The REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on Privacy
Claudiu Popa
Recommandé
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
Contoural Kazeon Webinar Insourcing E Discovery Nov 08 V1 1 3
J. David Morris
Iowa Weighs in on Ethics of Cloud Computing for Lawyers
Iowa Weighs in on Ethics of Cloud Computing for Lawyers
Nicole Black
2 7-2013-big data and e-discovery
2 7-2013-big data and e-discovery
Exterro
Trends in Law Practice Management – Calculating the Risks
Trends in Law Practice Management – Calculating the Risks
Nicole Garton
Ritz 4th-july-gdpr
Ritz 4th-july-gdpr
Exponential_e
Big Data & Privacy
Big Data & Privacy
Abzetdin Adamov
12th July GDPR event slides
12th July GDPR event slides
Exponential_e
The REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on Privacy
Claudiu Popa
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
bradley_g
Privacy and Big Data Overload!
Privacy and Big Data Overload!
SparkPost
Ethics of Big Data
Ethics of Big Data
Matti Vesala
Big data security the perfect storm
Big data security the perfect storm
Ulf Mattsson
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
Praveenkumar Hosangadi
Privacy in the Age of Big Data
Privacy in the Age of Big Data
Arab Federation for Digital Economy
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
kevintsmith
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library Service
CILIPScotland
Introduction by ann cavoukian
Introduction by ann cavoukian
MaRS Discovery District
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
Peter Procházka
Identity, Security and Healthcare
Identity, Security and Healthcare
NetIQ
Cloud security and cloud adoption public
Cloud security and cloud adoption public
John Mathon
Blockchain - Hype or Reality
Blockchain - Hype or Reality
snewell4
Big Data and High Performance Computing
Big Data and High Performance Computing
Abzetdin Adamov
"We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec...
Jisc
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015
Dr. Ann Cavoukian
Egress Switch Introduction
Egress Switch Introduction
yonifine
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data Incidents
Resilient Systems
Getting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensics
Druva
Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: Webinar
CipherCloud
Cloud Computing and the Public Sector
Cloud Computing and the Public Sector
MHCCloud
Contenu connexe
Tendances
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
bradley_g
Privacy and Big Data Overload!
Privacy and Big Data Overload!
SparkPost
Ethics of Big Data
Ethics of Big Data
Matti Vesala
Big data security the perfect storm
Big data security the perfect storm
Ulf Mattsson
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
Praveenkumar Hosangadi
Privacy in the Age of Big Data
Privacy in the Age of Big Data
Arab Federation for Digital Economy
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
kevintsmith
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library Service
CILIPScotland
Introduction by ann cavoukian
Introduction by ann cavoukian
MaRS Discovery District
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
Peter Procházka
Identity, Security and Healthcare
Identity, Security and Healthcare
NetIQ
Cloud security and cloud adoption public
Cloud security and cloud adoption public
John Mathon
Blockchain - Hype or Reality
Blockchain - Hype or Reality
snewell4
Big Data and High Performance Computing
Big Data and High Performance Computing
Abzetdin Adamov
"We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec...
Jisc
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015
Dr. Ann Cavoukian
Egress Switch Introduction
Egress Switch Introduction
yonifine
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data Incidents
Resilient Systems
Getting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensics
Druva
Tendances
(20)
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
Privacy and Big Data Overload!
Privacy and Big Data Overload!
Ethics of Big Data
Ethics of Big Data
Big data security the perfect storm
Big data security the perfect storm
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
Privacy in the Age of Big Data
Privacy in the Age of Big Data
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library Service
Introduction by ann cavoukian
Introduction by ann cavoukian
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
Identity, Security and Healthcare
Identity, Security and Healthcare
Cloud security and cloud adoption public
Cloud security and cloud adoption public
Blockchain - Hype or Reality
Blockchain - Hype or Reality
Big Data and High Performance Computing
Big Data and High Performance Computing
"We're all in this together" - educating users on the importance of cyber sec...
"We're all in this together" - educating users on the importance of cyber sec...
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015
Egress Switch Introduction
Egress Switch Introduction
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data Incidents
Getting a clue: uncovering the truth about your data with mobile forensics
Getting a clue: uncovering the truth about your data with mobile forensics
Similaire à Cloud Computing: What You Don't Know Can Hurt You
Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: Webinar
CipherCloud
Cloud Computing and the Public Sector
Cloud Computing and the Public Sector
MHCCloud
Data sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profits
rgtechnologies
MPMA 2013 - Leveraging the Cloud for Museum Collections
MPMA 2013 - Leveraging the Cloud for Museum Collections
Kacy Clarke
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data?
Bianca Mueller, LL.M.
Frukostseminarium om molntjänster
Frukostseminarium om molntjänster
Transcendent Group
Clouds and Chains
Clouds and Chains
Tim Swanson
Legal ethics & cloud computing
Legal ethics & cloud computing
Patrick Fowler
Cybersecurity and Data Privacy
Cybersecurity and Data Privacy
WilmerHale
Privacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 Predictions
Resilient Systems
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
Executive Leaders Network
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc
Onehub 101
Onehub 101
Charles Mount
Cloud security - Publication
Cloud security - Publication
Bianca Mueller, LL.M.
Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2
dbarton944
ACS cloud discussion paper
ACS cloud discussion paper
Roland Padilla
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD World
mkeane
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
Ulf Mattsson
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)
Brian K. Dickard
2014 ota databreach3
2014 ota databreach3
Meg Weber
Similaire à Cloud Computing: What You Don't Know Can Hurt You
(20)
Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: Webinar
Cloud Computing and the Public Sector
Cloud Computing and the Public Sector
Data sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profits
MPMA 2013 - Leveraging the Cloud for Museum Collections
MPMA 2013 - Leveraging the Cloud for Museum Collections
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data?
Frukostseminarium om molntjänster
Frukostseminarium om molntjänster
Clouds and Chains
Clouds and Chains
Legal ethics & cloud computing
Legal ethics & cloud computing
Cybersecurity and Data Privacy
Cybersecurity and Data Privacy
Privacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 Predictions
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
The Great Data Migration, Dealing With Cybersecurity and Privacy in Legacy Da...
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data Graveyards
Onehub 101
Onehub 101
Cloud security - Publication
Cloud security - Publication
Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2
ACS cloud discussion paper
ACS cloud discussion paper
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD World
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)
2014 ota databreach3
2014 ota databreach3
Dernier
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
LoriGlavin3
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
Pixlogix Infotech
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
BookNet Canada
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
Rick Flair
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
HarshalMandlekar2
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
Knoldus Inc.
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
Nicole Novielli
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
panagenda
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
Wes McKinney
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
BookNet Canada
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
AliaaTarek5
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
Mydbops
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Lonnie McRorey
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Mark Goldstein
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
LoriGlavin3
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
Skynet Technologies
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
MounikaPolabathina
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
LoriGlavin3
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Sergiu Bodiu
Dernier
(20)
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Cloud Computing: What You Don't Know Can Hurt You
1.
Patrick X. Fowler,
Esq. Snell & Wilmer LLP Phoenix, Arizona 602.382.6213 | pfowler@swlaw.com Cloud Computing: What You Don’t Know Can Hurt You © 2012 Snell & Wilmer L.L.P 1
2.
Today’s Topics • What
is cloud computing? • Common cloud computing applications • How does it work? • Cloud computing concerns ◦ Data Ownership and Access ◦ Data Location and Security ◦ Data Privacy in the US and EU © 2012 Snell & Wilmer L.L.P 2
3.
What is Cloud
Computing? • Using the internet… • to access remotely-located computer servers… • for scalable, on-demand software applications, computing power and data storage… • that you might pay a fee for, but don’t own. © 2012 Snell & Wilmer L.L.P 3
4.
Common Cloud Applications •
Webmail – Gmail, Hotmail, AOL • Productivity – Microsoft Office 365, GoogleDocs • Data Sharing – Dropbox, GoToMeeting • Data Storage – iCloud, Amazon, Carbonite • Social Media – Facebook, LinkedIn, YouTube • Retailing – Amazon, Apple, eBay • Banking – Chase, Bank of America • Government – www.apps.gov © 2012 Snell & Wilmer L.L.P 4
5.
Most Common Use
of the Cloud? • Social Networking – By Far © 2012 Snell & Wilmer L.L.P 5
6.
“Official” Government Definition National
Institute of Standards and Technology Responsible for developing standards and guidelines for providing information security for all federal gov’t agencies and assets. NIST Special Publication 800- 145 (September 2011) © 2012 Snell & Wilmer L.L.P 6
7.
Why Are We
Moving to the Cloud? • It’s much cheaper to rent than to own. ◦ Outsourcing to the cloud reduces corporate data storage costs by 80%, and requires a smaller IT staff • It’s more flexible/scalable/elastic. ◦ Quickly expand and contract storage and computing needs, based on demand. ◦ Faster access to improved technology. • It’s more secure – in some respects. ◦ Remote, redundant data back-ups in case of disaster © 2012 Snell & Wilmer L.L.P 7
8.
How Does Cloud
Computing Work? • Major cloud providers: ◦ Amazon ◦ Google ◦ Microsoft ◦ Apple • Major cloud providers have multiple, distant data centers (i.e. server farms) where data is redundantly stored/processed. © 2012 Snell & Wilmer L.L.P 8
9.
Cloud Data Center
Locations • Amazon: ◦ North America (CA, OR) ◦ EU (Ireland) ◦ Asia (Singapore, Tokyo) ◦ South America (Brazil) ◦ Future: Buried in Siberian permafrost? • Google: ◦ USA (SC, NC, GA, OK, IA, OR) ◦ Finland, Belgium ◦ Hong Kong, Singapore, Taiwan ◦ Future: Cargo ships powered & cooled by the sea? © 2012 Snell & Wilmer L.L.P 9
10.
How is Data
Stored in the Cloud? Per Google’s web site: • Data is not stored on a single machine or set of machines; data from all Google customers is distributed amongst a shared infrastructure composed of many computers located across Google’s many data centers. • Data is chunked and replicated over multiple systems so that no one system is a single point of failure. Data chunks are given random file names and they’re not stored in clear text, so they’re not humanly readable. Source: http://www.google.com/about/datacenters/inside/data-security.html# © 2012 Snell & Wilmer L.L.P 10
11.
Cloud Computing Concerns •
Data Ownership & Access • Data Location and Security • Data Privacy • What Law Governs? • E-Discovery Obligations If possible, your contract with the cloud provider should address these issues. © 2012 Snell & Wilmer L.L.P 11
12.
Data Ownership &
Access © 2012 Snell & Wilmer L.L.P 12
13.
Cloud Data Ownership
& Access • Who owns the data once it has been uploaded? ◦ Short Answer: Should not be the cloud provider! • Who owns the servers where the data is stored? ◦ Is it the party with whom you contracted? A third party? How many links in the contract chain? • How often will the data be accessible? ◦ Industry custom is 99.99% of the time. • What happens if access is interrupted? ◦ Are fee credits provided? © 2012 Snell & Wilmer L.L.P 13
14.
Cloud Data Ownership
& Access • If you terminate the agreement with the cloud provider, what happens to your data? ◦ How long will your data remain on the cloud servers? ◦ Is it then deleted from the cloud provider’s servers? - Important when dealing with customer data, credit card information, HIPAA data, etc. • What if the cloud provider goes bankrupt or is shut down by a government? ◦ Example: MegaUpload seized by DOJ in January ’12 • E-discovery obligations? © 2012 Snell & Wilmer L.L.P 14
15.
Data Storage Location
& Security © 2012 Snell & Wilmer L.L.P 15
16.
Data Storage Location
& Security • In what countries are the cloud data centers located that will store your data? ◦ Evaluate the data privacy laws where the data centers are located. ◦ Consider potential jurisdictional and choice of law issues. • Is the data required to be maintained within a certain country? ◦ E.g., Government records, national defense materials. © 2012 Snell & Wilmer L.L.P 16
17.
Data Storage Location
& Security • What physical and digital security standards does the cloud provider adhere to? Will it tell you? • How do they compare to the security procedures used by Amazon, Google and Microsoft? • Do outside auditors certify the proper storage and use of data by the cloud provider? © 2012 Snell & Wilmer L.L.P 17
18.
Data Storage Location
& Security • Physical security measures: ◦ Non-descript facilities, restricted physical access, video surveillance, biometric clearance; ◦ Fire detection and suppression, uninterrupted power supply, climate and temperature control; ◦ Redundant data storage in different locations; ◦ A business continuity and disaster recovery plan to ensure service is maintained & to recover any data loss. © 2012 Snell & Wilmer L.L.P 18
19.
Data Storage Location
& Security • Digital security measures: ◦ Is your data securely stored when “at rest” and securely moved between locations? ◦ Does the cloud provider have rights to access your data? If so, why? ◦ Is your data stored in aggregate with other customers? If so, how good is the disaggregation? ◦ How does the cloud provider decommission old storage devices that once held your data? © 2012 Snell & Wilmer L.L.P 19
20.
Data Storage Location
& Security • What if your data is corrupted, lost or stolen? ◦ Caveat emptor. Let the buyer beware. ◦ Terms of service typically disclaim all warranties and exclude liability for any damages. • Example: ◦ “WE AND OUR AFFILIATES OR LICENSORS WILL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE OR DATA), EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES….” © 2012 Snell & Wilmer L.L.P 20
21.
Choose your cloud
provider wisely! • If you have little or no leverage in negotiating terms with the cloud provider… ◦ Is the cloud provider reputable & reliable? - How transparent is the cloud provider willing to be? - Quality vs. price – you probably get what you pay for. - Is the cost savings worth the risk of data loss/interruption? ◦ What contingency plan do you have if the service fails? - Separate, independent digital back-up? - Hard copy back-up? ◦ What remedies, if any, do you have against the cloud provider if there is data loss or service failure? © 2012 Snell & Wilmer L.L.P 21
22.
Data Privacy © 2012
Snell & Wilmer L.L.P 22
23.
Data Privacy Issues •
Data in the cloud is subject to different protections than information stored in-house; ◦ Data in the cloud = held by a third-party • Currently: there is a patchwork of Federal and State data privacy laws; • US and EU data privacy rules significantly differ; ◦ EU has more protections and regulations • US and EU have recently proposed expanded data privacy regulations. © 2012 Snell & Wilmer L.L.P 23
24.
Data Privacy Issues •
Existing laws can compel disclosure of cloud data to the government. ◦ Electronic Communications Privacy Act (ECPA) ◦ Stored Communications Act (SCA) ◦ USA Patriot Act - National Security Letters - Foreign Intelligence Surveillance Act (FISA) Warrants ◦ Warrants and subpoenas generally © 2012 Snell & Wilmer L.L.P 24
25.
Data Privacy Issues •
Current rules imposing data security and/or breach notification obligations, including: ◦ Sarbanes-Oxley ◦ Family Educational Rights and Privacy Act (FERPA) ◦ Health Insurance Portability & Accountability Act (HIPAA) ◦ Health Information Technology for Economic and Clincal Health (HITECH) Act ◦ Gramm-Leach-Biley Act (GLBA) ◦ FTC Act, Section 5 (for companies that store customer information on the cloud) ◦ State Laws and Regulations © 2012 Snell & Wilmer L.L.P 25
26.
Data Privacy: New
Regulations? • Significantly expanded data privacy regulation schemes proposed in early 2012: ◦ White House: Consumer Privacy Bill of Rights ◦ EU: New General Data Protection Regulations © 2012 Snell & Wilmer L.L.P 26
27.
Data Privacy: New
Regulations? White House Proposal – Feb. 2012 On-line Consumer Privacy Bill of Rights Enforceable Codes of Conduct Expanded FTC Role Re Data Privacy Rights Enforcement Increased “Global Interoperability” re various consumer data privacy regs © 2012 Snell & Wilmer L.L.P 27
28.
Proposed “Consumer Privacy
Bill of Rights” • Intended goals are: ◦ Preserve online consumer trust in the internet economy, ◦ While providing Internet companies with the regulatory certainty needed to permit innovation in on-line commerce. • Available on-line: ◦ http://www.whitehouse.gov/sites/default/files/privacy-final.pdf © 2012 Snell & Wilmer L.L.P 28
29.
Proposed “Consumer Privacy
Bill of Rights” • Individual Control by consumers of the data collected by companies and how those companies use such data; • Transparency regarding privacy and security practices; • Respect for Context to ensure that companies use data consistently with the context in which the consumer provides the data; • Security in handling personal data; © 2012 Snell & Wilmer L.L.P 29
30.
Proposed “Consumer Privacy
Bill of Rights” • Access and Accuracy including the right of consumers to access and correct personal data; • Focused Collection through reasonable limits on collection and retention by companies of personal data; and • Accountability to ensure that companies handling data adhere to the Consumer Privacy Bill of Rights. © 2012 Snell & Wilmer L.L.P 30
31.
Proposed “Consumer Privacy
Bill of Rights” • The White House proposes voluntary adoption of a binding code of conduct incorporating the privacy principles in the bill of rights…thus making it enforceable under Section 5 of the FTC Act. • Alternatively, the White House proposes that Congress pass a law incorporating the privacy bill of rights. • Unlikely that Congress will pass legislation this year. © 2012 Snell & Wilmer L.L.P 31
32.
Proposed EU Data
Protection Regulations Proposed January 25, 2012 Significant expansion of current EU data privacy scheme Data privacy already a fundamental right, per the EU Constitution Potential implications beyond EU borders © 2012 Snell & Wilmer L.L.P 32
33.
Proposed EU Data
Protection Regulations • Would apply to almost all data collection and processing activities regarding EU “data subjects” ◦ Would cover controllers and processors located in the EU ◦ Would also cover controllers and processers located outside of the EU if they offer goods or services to data subjects in the EU or monitor their behavior • Increased protections must be assured before consumer data may be moved outside the EU © 2012 Snell & Wilmer L.L.P 33
34.
Proposed EU Data
Protection Regulations • Provides increased consumer control of data ◦ With few exceptions, data subjects must give “informed consent” (generally through an “opt-in” process) before their personal data may be processed; • Internet users would have “The Right to be Forgotten” ◦ Data subject would be entitled to have personal data erased, even if the data has been made public! • Available on-line: http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf © 2012 Snell & Wilmer L.L.P 34
35.
Thank you Patrick X.
Fowler, Esq. Snell & Wilmer LLP Phoenix, Arizona 602.382.6213 | pfowler@swlaw.com © 2012 Snell & Wilmer L.L.P 35
Télécharger maintenant