Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2009 Hogan & Hartson LLP. All rights reserved. Tuesday, October 6, 2009 11 AM – 12:30 PM EDT Webinar: Understanding the Legal Challenges of Cloud Computing.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2009 Hogan & Hartson LLP. All rights reserved. Tuesday, October 6, 2009 11 AM – 12:30 PM EDT Webinar: Understanding the Legal Challenges of Cloud Computing."— Presentation transcript:

1 © 2009 Hogan & Hartson LLP. All rights reserved. Tuesday, October 6, 2009 11 AM – 12:30 PM EDT Webinar: Understanding the Legal Challenges of Cloud Computing

2 2 © 2009 Hogan & Hartson LLP. All rights reserved. Presenters Christopher Wolf – cwolf@hhlaw.comcwolf@hhlaw.com Philip Porter – pdporter@hhlaw.compdporter@hhlaw.com Zenas Choi – zjchoi@hhlaw.comzjchoi@hhlaw.com Andrea Ward – award@hhlaw.comaward@hhlaw.com Michael Larner – melarner@hhlaw.commelarner@hhlaw.com William Flanagan – wpflanagan@hhlaw.comwpflanagan@hhlaw.com Allison Stanton – acstanton@hhlaw.comacstanton@hhlaw.com

3 3 © 2009 Hogan & Hartson LLP. All rights reserved. Agenda What Exactly is Cloud Computing? Intellectual Property Issues Government Demands for Information Privacy Issues Labor and Employment Issues E-Discovery Data Security Safeguards Data Breach Responsibility Contracting Issues Service Level Issues Q&A

4 4 © 2009 Hogan & Hartson LLP. All rights reserved. What exactly is cloud computing? Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction – NIST Cloud computing is Internet ("cloud") based development and use of computer technology (“computing") – Wikipedia Zenas Choi zjchoi@hhlaw.com

5 5 © 2009 Hogan & Hartson LLP. All rights reserved. What exactly is cloud computing? (continued) Cloud Computing Delivery Models – “Software as a Service” (Saas) - allows customer to use vendor applications running on a “cloud” infrastructure – “Platform-as-a-Service” (PaaS) - allows customer to write applications that run in a “cloud” infrastructure – “Infrastructure-as-a-Service” (IaaS) - allows customer to obtain processing, storage, network capacity, and other computing resources from a “cloud” infrastructure Zenas Choi zjchoi@hhlaw.com

6 6 © 2009 Hogan & Hartson LLP. All rights reserved. What steps should a company take to protect its intellectual property in the cloud? Company’s loss of control in cloud is key to understanding risk to intellectual property Steps to take to protect IP in the cloud – Identify your company’s primary vulnerabilities – Perform due diligence – Compare vendor’s protective efforts to current in-house policies and procedures – Implement contractual safeguards Trade secret protection – Impact of putting trade secrets in the cloud Michael Larner melarner@hhlaw.com

7 7 © 2009 Hogan & Hartson LLP. All rights reserved. Is data in the cloud safe from government view? The Fourth Amendment to the U.S. Constitution affords protection against unreasonable search and seizure for houses and papers Transfer of information to a cloud provider creates opportunities for information to end up in the government’s hands There is legal murkiness over the protections afforded to data in the cloud vis-a-vis the government – See “Lost in the Cloud,” New York Times (7-19-09) (Professor Jonathan Zittrain concludes “data stored online has less privacy protection both in practice and under the law…If you entrust your data to others, they can let you down or outright betray you.”) Christopher Wolf cwolf@hhlaw.com

8 8 © 2009 Hogan & Hartson LLP. All rights reserved. Is data in the cloud safe from government view? (continued) Time for the “third party doctrine” to be refined – In United States v. Miller, 425 U.S. 435 (1976), Supreme Court held that there is no reasonable expectation of privacy in financial records maintained by a bank, because the information was voluntarily conveyed by the defendant to a third party (the bank) – “Right to Financial Privacy Act” now limits ability of Feds to obtain customer information from banks Electronic Communications Privacy Act (ECPA) provides some protections Christopher Wolf cwolf@hhlaw.com

9 9 © 2009 Hogan & Hartson LLP. All rights reserved. How should you address the privacy law issues implicated by cloud computing? Central privacy issues associated with cloud computing – Compliance with local privacy laws – Security of data – Transfer of data Responsibility for data Research service providers Use of contracts – Relevant clauses Processing in accordance with customer’s instructions Adequate technical and organisational security Service level agreements Audits Restitution and destruction of data Cross-border transfers Andrea Ward award@hhlaw.com

10 10 © 2009 Hogan & Hartson LLP. All rights reserved. What labor and employment law issues are implicated by sending data to the cloud? Andrea Ward award@hhlaw.com William Flanagan wpflanagan@hhlaw.com  Putting employee data in the cloud – increased efficiencies, but also risks  Employee data in the cloud must be protected, maintained, and retained in accordance with applicable federal and state law (e.g., ADA, FMLA, FCRA, FLSA)  Before putting data in the cloud, consider – Whether category of data is appropriate for the cloud (e.g., HRIS data, compensation data, medical records, personnel files). – State laws. Caution - state records laws vary, and have not caught up with the technology – “On Site” rules. Some states require that records be kept, and be available for inspection, at the employer’s work site

11 11 © 2009 Hogan & Hartson LLP. All rights reserved. What labor and employment law issues are implicated by sending data to the cloud? (continued) Andrea Ward award@hhlaw.com William Flanagan wpflanagan@hhlaw. com – Litigation issues. – Applicability of foreign data protection and privacy laws (e.g., UK Data Protection Act of 1998)

12 12 © 2009 Hogan & Hartson LLP. All rights reserved. What are the e-Discovery challenges of identifying and collecting data stored in the cloud? Who has custody and control? – Data is no longer in the company’s custody What is the cost to identify and collect relevant data? – May need third party specialists – Reduced cost of cloud storage results in increased data volume Where is the data? – Collection from multiple sources within the cloud – Transfer of data issues (i.e. cross borders) Allison Stanton acstanton@hhlaw.com

13 13 © 2009 Hogan & Hartson LLP. All rights reserved. What are the e-Discovery challenges of identifying and collecting data stored in the cloud? (continued) Allison Stanton acstanton@hhlaw.com When to identify relevant data that may be in the cloud? – Identify, negotiate, and limit early in discovery Why comply with litigation requests for data in the cloud? – No settled law yet but courts unlikely to allow companies to make data inaccessible – Possible burden or cost argument

14 14 © 2009 Hogan & Hartson LLP. All rights reserved. What data security safeguards should a company put in place before outplacing data in the cloud? Zenas Choi zjchoi@hhlaw.com Conduct due diligence of vendor’s service offering; including understanding control over data, vendor’s use of subcontractors, and incident response procedures Analyze vendor’s security policies, and determine extent of vendor’s security commitments … do they meet internal security requirements? Understand jurisdictional and industry specific security requirements, and consider other contractual security requirements Consider third party risk assessment of systems and data to ensure all risks and identified and accounted for (including, e.g., a Privacy Impact Assessment (PIA) and/or other typical Threat Risk Assessments (TRA))

15 15 © 2009 Hogan & Hartson LLP. All rights reserved. What data security safeguards should a company put in place before outplacing data in the cloud? (continued) Zenas Choi zjchoi@hhlaw.com Classify data and systems, and consider whether sensitive data should be segregated or stored in more secure environments Consider whether special steps must taken before transferring data to vendor, e.g., encryption, business associate agreement, other commitments that may be required by law or best practices Consider extent to which data should be backed-up, including business continuity during initial data transfer Determine which party should bear ultimate responsibility and costs of notification resulting from a breach of the Cloud provider's data security obligations

16 16 © 2009 Hogan & Hartson LLP. All rights reserved. Whose responsibility is it if there is a data breach? Forty-five states, the District of Columbia, Puerto Rico, and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information “Owners” of data are responsible for notification in the event of breach (hacking, lost data, unauthorized access) Laws also impose duties on non-data owners or licensors – But those statutory duties are generally limited to notifying the data owner or licensor upon learning of the data breach Christopher Wolf cwolf@hhlaw.com

17 17 © 2009 Hogan & Hartson LLP. All rights reserved. Whose responsibility is it if there is a data breach? (continued) Essential to understand and have worked out in advance the requirement that the processor in the Cloud informs the “owner” of a breach – If there is adequate bargaining power, shifting the responsibility and costs of notification to the Cloud provider is desirable Christopher Wolf cwolf@hhlaw.com

18 18 © 2009 Hogan & Hartson LLP. All rights reserved. What are the contracting issues with cloud computing? Form of Agreement (clickwrap vs. signed agreement) – Clickwraps – consistent with web-based access to technology assets – Vendor’s Perspective – streamline contracting process – Customer’s Perspective – unlikely to address key issues Vendor’s ability to change the terms and conditions Pricing – Rate Increases Termination – Suspension of Services – Transition Services Michael Larner melarner@hhlaw.com

19 19 © 2009 Hogan & Hartson LLP. All rights reserved. How do companies and cloud service providers handle service level issues? Standard availability warranty: 99.5%-99.99% uptime, measured and reported monthly Examine the proposed availability warranty – Review the proposed availability calculation (access or access without serious malfunction?) – Review the definition of “Scheduled Downtime” – Review the proposed remedy for warranty breach  Verify that a specific remedy is offered  Termination for breach may not be a meaningful remedy  Try sample calculations to verify the possibility of a remedy is not too remote and that the calculated remedy is sufficient to create an incentive for correction Philip Porter pdporter@hhlaw.com

20 20 © 2009 Hogan & Hartson LLP. All rights reserved. Questions and Answers Please visit our blog at: www.hhdataprotection.comwww.hhdataprotection.com

21 21 © 2009 Hogan & Hartson LLP. All rights reserved. Abu Dhabi Baltimore Beijing Berlin Boulder Brussels Caracas Colorado Springs Denver Geneva Hong Kong Houston London Los Angeles Miami Moscow Munich New York Northern Virginia Paris Philadelphia San Francisco Shanghai Silicon Valley Tokyo Warsaw Washington, DC www.hhlaw.com For more information on Hogan & Hartson, please visit us at

Download ppt "© 2009 Hogan & Hartson LLP. All rights reserved. Tuesday, October 6, 2009 11 AM – 12:30 PM EDT Webinar: Understanding the Legal Challenges of Cloud Computing."

Similar presentations

© Hogan & Hartson LLP. All rights reserved. Pharmaceutical Compliance Forum Clinical Trials Case Study Stephen J. Immelt Thursday, November 8, 2007.

© Hogan & Hartson LLP. All rights reserved. Pharmaceutical Compliance Forum Clinical Trials Case Study Stephen J. Immelt Thursday, November 8, 2007.
Art. 6 – 8 of the draft Unitary Patent Regulation Prof. Dr. Winfried Tilmann.

Art. 6 – 8 of the draft Unitary Patent Regulation Prof. Dr. Winfried Tilmann.
3Kites Consulting/Kemp IT Law Breakfast Seminar Law Firms and the Cloud: Balancing Benefits and Risks London, 10 September 2014 Contracting for the Cloud:

3Kites Consulting/Kemp IT Law Breakfast Seminar Law Firms and the Cloud: Balancing Benefits and Risks London, 10 September 2014 Contracting for the Cloud:
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
16 July 2011 The Business Case for Mediation (for “ICC Arbitration & Amicable Dispute Resolution – Focus on India”) Jonathan Leach, partner, Hogan Lovells.

16 July 2011 The Business Case for Mediation (for “ICC Arbitration & Amicable Dispute Resolution – Focus on India”) Jonathan Leach, partner, Hogan Lovells.
Ethical Issues in Data Security Breach Cases www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Ethical Issues in Data Security Breach Cases Presented by Robert J. Scott Scott & Scott, LLP
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.

Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Cloud Usability Framework

Cloud Usability Framework
Wally Kowal, President and Founder Canadian Cloud Computing Inc.

Wally Kowal, President and Founder Canadian Cloud Computing Inc.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Cloud Computing Stuart Dillon-Roberts. “In the simplest terms, cloud computing means storing & accessing data & programs over the Internet instead of.

Cloud Computing Stuart Dillon-Roberts. “In the simplest terms, cloud computing means storing & accessing data & programs over the Internet instead of.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
The Role of Arbitration in the Dispensal of Justice Does Arbitration Maintain the Advantages it Traditionally Enjoyed? Nathan Searle, Senior Associate.

"The Role of Arbitration in the Dispensal of Justice" Does Arbitration Maintain the Advantages it Traditionally Enjoyed? Nathan Searle, Senior Associate.

Similar presentations

Ads by Google