Thank you for sharing!

Your article was successfully shared with the contacts you provided.

In the early days of personal computing, users depended on “local” drives and stored their data on floppy disks kept in containers on desktops or in drawers. Applications from software manufacturers permitted users to create, manage and manipulate their business and personal information. But in short order, software became more and more sophisticated and floppy disks were replaced by hard drives. Operating systems became faster, hard drives were developed with even more capacity and programs grew in size and scope. Eventually the advent of networks allowed ever bigger programs to be shared among multiple users accessing ever-growing data banks. Nevertheless, networks remained largely tethered to the location of the users, who, at least theoretically, maintained both physical possession and control over the data. The trend today is toward something different: Whereas companies may still prefer their employees to be in geographic proximity to urban centers of business and government, the cost of prime real estate, and the availability of fast online interconnectedness in many locations that would otherwise be considered remote, make cloud computing a viable and cost effective alternative. Accordingly, data and data applications that are kept in a cloud may be physically located in one or more remote servers but are nevertheless transparently available to company users.[FOOTNOTE 1] Data kept in a cloud often is, or may be, shared among, or usable by, multiple parties. It can include information ranging from word processing documents and business presentations to employee or patient health information and tax or accounting records, to schedules, calendars and contacts. The key to cloud computing is the speed with which the data and applications can be accessed, rather than the capacity and speed of a personal computer’s hard drive, as was crucially important in the past. Even individual users are becoming more and more likely to be participants in the cloud computing phenomenon. For example, e-mail programs such as Google’s Gmail, which stores users’ e-mail on its own servers, is a perfect example of this growing development. Given the explosive growth of cloud computing, it should be no surprise that it presents numerous legal issues for businesses. Two of the most significant are privacy concerns and the implications of cloud computing for pretrial discovery. As with other forms of “outsourcing,” businesses’ duties to protect private or confidential data do not end with their transfer of the data to third-party vendors for storage or processing. A recent report from the World Privacy Forum, “Cloud Computing and Privacy,” highlights a number of important privacy issues raised by cloud computing that corporate users of cloud computing should keep in mind.[FOOTNOTE 2] For example, although the Gramm-Leach-Bliley Act[FOOTNOTE 3] permits financial institutions to disclose confidential consumer information to a third party such as a cloud computing service provider, the terms of any agreement between the financial institution and the provider must be carefully considered. In addition, the Privacy Rule enacted by the U.S. Department of Health and Human Services under the Health Insurance Portability and Accountability Act[FOOTNOTE 4] requires that covered health plans, health care clearinghouses and health care providers enter into “business associate agreements” with cloud providers (and, of course, other third parties) before turning over so-called protected health information. There may be risks associated with using cloud computing providers to store confidential corporate information such as trade secrets without appropriate and specially negotiated agreements, as well. What undoubtedly can complicate the privacy issues in these and other situations is that the governing law might change depending on the cloud provider’s physical location. Different rules can apply if storage is in a European Union country, arguably subject to the EU’s Data Protection Directive,[FOOTNOTE 5] in multiple states within the United States, or in multiple locations around the world. Accordingly, it is essential that the terms of contracts for cloud computing services must be negotiated keeping in mind the type of data to be stored, the location of the servers and the particular legal obligations of the business whose data it is. While a business might be able to make a claim against a cloud server for escape of private data, the business may not be insulated by its claim that a privacy breach was the result of the acts by the cloud server.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at customercare@alm.com


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.