As more businesses store and share data via third-party “cloud computing services”, privacy risks and Federal Trade Commission enforcement actions have also increased. Many companies’ standard vendor services contracts are woefully inadequate to address these risks. When contracting for cloud computing services, the contract should specifically describe data handling practices, security breach notification procedures, and data return requirements when the contract ends.
My colleagues Sharon Klein and Tabitha Sullivan recently wrote an article that includes tips and traps to consider when negotiating or drafting a cloud computing services contract. As they note in the article:
The scope of the cloud computing services will impact the respective responsibilities of the vendor and the customer. This contractual clarity is especially important given that most cloud computing vendors believe security of data is the customer’s responsibility, not theirs. . . . The [customer’s] contracting department should work closely with the IT department to identify the company’s specific requirements and incorporate appropriate provisions to ensure the company’s needs are met.
To view the full article on the Pepper Hamilton website, click here.