As “the cloud” becomes an increasingly important and more widely used tool for computing and data storage, companies (and their lawyers) must address a number of challenging issues. Some of these issues include but are certainly not limited to:
- How does a company minimize the risk of data breach and maximize the security of their data at a “reasonable” cost? What level of security strikes a balance between practicality, financial reasonableness, and protection?
- What policies should a company adopt to help ensure the security of its data while maintaining the privacy rights of its employees?
- How can a company maximize the security of its customers’ private information, particularly if the information is stored in the cloud? What are the minimum standards, if any, that the law requires of a company seeking to store information in the cloud with respect to ensuring the security of their customers’ information? Are there any legal requirements or customs that a company should expect a third-party cloud vendor to meet?
- What role will the law of other countries play in regulating data stored in the cloud, particularly where a cloud vendor may store information in servers all over the world?
- What are the emerging trends in litigation? What causes of action are being brought successfully against cloud vendors and businesses that use them when a customer’s private information has been breached? Which defenses have been successful in limiting liability? What does a customer have to show to establish the existence of a cognizable injury?
It does not appear that there are easy answers to many of these questions. What does appear clear, however, is that corporations and individuals are increasingly moving their data and computing platforms into the cloud. So at the very least these issues should be considered and they create a potential minefield ripe for litigation.
It is hoped that this blog will serve as a forum for discussion of these and other issues relating to the law regulating data security, cloud computing, data privacy, and “all things E.”
DISCLAIMER: The opinions expressed here represent those of Al Saikali and not those of Shook, Hardy & Bacon, LLP or its clients. Similarly, the opinions expressed by those providing comments are theirs alone, and do not reflect the opinions of Al Saikali, Shook, Hardy & Bacon, or its clients. All of the data and information provided on this site is for informational purposes only. It is not legal advice nor should it be relied on as legal advice.