Cloud computing service arrangements frequently require organizations to share employee or customer personal information and other confidential data with service providers. In some cases, organizations must also grant vendors access to their current IT systems for transition or other purposes. Engaging third parties to perform services that involve handling personal information or accessing an organization’s IT systems changes an organization’s data security risk profile.
With counsels’ advice, organizations should weigh any decision to use cloud computing services against potential privacy and data security risks. Organizations and their service providers are subject to an increasingly complex patchwork of federal, state and local laws; regulations; and industry standards that govern privacy and data security. Service providers may have more cybersecurity expertise and technical resources than individual customer organizations. However, managing risks is crucial because vendor deficiencies can render an organization’s privacy and information security programs ineffective. Data breach reports and claims frequently point to service provider compliance issues as a basis for organizational liability. These events serve as reminders that organizations cannot outsource their accountability.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
