Addressing privacy and security risks in cloud computing service contracts

As more businesses store and share data via third-party “cloud computing services”, privacy risks and Federal Trade Commission enforcement actions have also increased.  Many companies’ standard vendor services contracts are woefully inadequate to address these risks.  When contracting for cloud computing services, the contract should specifically describe data handling practices, security breach notification procedures, and data return requirements when the contract ends.

My colleagues Sharon Klein and Tabitha Sullivan recently wrote an article that includes tips and traps to consider when negotiating or drafting a cloud computing services contract.  As they note in the article:

The scope of the cloud computing services will impact the respective responsibilities of the vendor and the customer.  This contractual clarity is especially important given that most cloud computing vendors believe security of data is the customer’s responsibility, not theirs. . . .  The [customer’s] contracting department should work closely with the IT department to identify the company’s specific requirements and incorporate appropriate provisions to ensure the company’s needs are met.

To view the full article on the Pepper Hamilton website, click here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s