Preserving Privacy and Data Security in Cloud Service Arrangements | Practical Law

Preserving Privacy and Data Security in Cloud Service Arrangements | Practical Law

A business that outsources the processing or storage of its employee's or customer's personal information to a software as a service (SaaS) or other cloud service provider remains responsible for the privacy and data security of that information under a matrix of federal, state, and foreign laws. Unsure what this may mean for your clients or practice? Practical Law has resources to help you get up to speed on the measures cloud service customers must take to comply with data protection laws.

Preserving Privacy and Data Security in Cloud Service Arrangements

Practical Law Legal Update w-001-8177 (Approx. 4 pages)

Preserving Privacy and Data Security in Cloud Service Arrangements

by Practical Law Intellectual Property & Technology
Published on 29 Mar 2016USA (National/Federal)
A business that outsources the processing or storage of its employee's or customer's personal information to a software as a service (SaaS) or other cloud service provider remains responsible for the privacy and data security of that information under a matrix of federal, state, and foreign laws. Unsure what this may mean for your clients or practice? Practical Law has resources to help you get up to speed on the measures cloud service customers must take to comply with data protection laws.
With the proliferation of business functions that are being outsourced to software as a service (SaaS) and other cloud service providers, companies share with these vendors increasing amounts of personal, confidential, and commercially sensitive information. The information entrusted to the care of a cloud service provider may identify or relate to the company's:
  • Employees, independent contractors, or suppliers.
  • Clients, customers, patients, or end users.
  • Licensees, affiliates, business partners, or other individuals or entities.
From the standpoints of both legal compliance and sound commercial practice, the cloud provider's effective protection of the confidentiality and security of this information is of vital importance to the cloud service customer. To help ensure that their confidential information remains secure in the cloud, companies should:
  • Identify the risks posed by migrating their data to a cloud environment.
  • Conduct a due diligence investigation of their prospective cloud service providers' privacy and data security practices.
  • Enter into a written agreement with the cloud service provider that includes express provider obligations to safeguard privacy and data security.
  • Require the provider to cure any breach of those obligations or terminate the agreement.
If you are unsure what this all means for your clients and your practice, let Practical Law help keep you up to speed. Practical Law has several resources concerning data protection in the cloud. These resources include sample contract provisions and explanatory drafting notes, such as Standard Clauses, Data Security Contract Clauses for Service Provider Arrangements (Pro-Customer), and the following helpful guides: