WikiLeaks surfaced legal issues that are good to consider about cloud computing in general. Like anything else in business, cloud computing poses its own set of legal issues that customers are required to consider before signing with a service.
The blog Digital Inspiration reviews some legal questions to ask. It's a good introduction to thinking about the legal issues that cloud computing customers will face.
Do You Know Where Your Data is Located?
If you turn to cloud computing, you need to have some idea about the policies the provider maintains for where it stores your data. The place where that data is being stored raises questions about the legal governance of the information.
If a dispute arises, there may be complications if you are in a different country or in two different states.
From the Gerson Lehman Group:
"States have laws governing privacy and confidentiality that can provide severe sanctions for violating those laws. With cloud computing, are the documents governed by the law of the state in which they are physically located, by the location of the company possessing them, or by the laws of the state where a person resides?"
Who Takes Responsibility?
You decide to use a cloud computing service and suddenly disaster strikes. A service gets hit by a flood. Google is thinking about this issue. Digtial Inspiration points to Google's 10-Q statement. According to the filing with the U.S Securities and Exchange Commission:
"Our systems are vulnerable to damage or interruption from earthquakes, terrorist attacks, floods, fires, power loss, telecommunications failures, computer viruses, computer denial of service attacks, or other attempts to harm our systems."
And let's say there has been a data breach. Who is responsible in that situation? Is it the vendor?
From the Hospitality Risk Solutions blog:
"Salesforce.com and other large vendors carry cyber insurance in case of a breach. Usually though it is considered a shared responsibility. The provider may only carry insurance for $15 million. It's up to the customer to then determine what extra insurance to carry in case of a problem."
Intellectual Property Rights
You may not own the application or the operating system. You definitely don't need the hardware anymore. But you better have the right to remove the data when you want. That means you need to be clear about the day you stop using an application. Can you take that data with you?
Then comes the issue with such matters as trade secrets. What happens when the provider gets a subpoena? Can the provider access your data and hand it over to the authorities?
Finally, there is the issue with third parties.
"The vendor may grant some privileged third parties access to your stored data. The identity of such parties, if any, must be disclosed to the customer. Here, the third party could be a legal authority or even an internal employee. The customer should always be informed before the vendor allows third parties to access the stored data.
To protect the interest of your business, it may therefore be extremely essential that your read the terms and conditions meticulously before signing up for a cloud based services.
If the vendor provides a standard form of contract (which is a general practice), then you must be must be fully aware of all the terms and conditions. It will save you from nasty surprises and you will be financially, mentally and legally prepared to save your business from unfavorable consequences of cloud computing."
This is new territory in many ways. The legal rights you have are far more complex than the good old days when your servers were in one physical location. Those days are gone. Today, you need to know your rights in a different context.
And that's good news - for the lawyers at least.