
Law and Regulation as we move to the Cloud



  1. Law and Regulation as we move to the Cloud
     John O’Connor, Partner - Head of Technology & Commercial Contracts

  2. Cloud Computing in basic terms
     A bundle or stack of IT services using the Internet or “Cloud” as the method of delivery.
     • SaaS: software applications designed for end users
     • PaaS: tools and services designed to make coding and deploying applications fast and efficient
     • IaaS: hardware and infrastructure that enables everything else such as servers, storage, networks and operating systems

  3. Types of Cloud
     • Private cloud – a service where computing infrastructure is dedicated to an individual customer
     • Public cloud – a multi-tenanted service with multiple customers sharing infrastructure
     • Hybrid cloud – a combination of private and public cloud

  4. Key Business Customer Issues
     Business, legal and regulatory drivers such as:
     • Cost and basis of charge, fitness for purpose
     • Obtaining a reliable service that does what is promised and a contract that underwrites this promise
     • Confidentiality (data security), integrity and availability of data
     • Portability of data on exit
     • Compliance with:
       • Data protection including data exporting rules
       • Other applicable laws and regulations

  5. Cloud Misconceptions
     • Data security is a bigger issue in the cloud than traditional outsourcing?
     • Data is hosted all over the world?
     • US Government have unique powers to access data in the cloud?
     • Cloud is the same as traditional outsourcing of processes?
     • Cloud contracts are not negotiable?
     • Data protection law does not permit moving personal data to the cloud?

  6. Public Sector Cloud Strategies
     • Ireland’s Cloud Strategy – June 2012
     • UK - ICT Strategy - G cloud – March 2011
     • US – Federal Cloud Computing Strategy - Feb 2011
     • Common features include:
       • Private or hybrid cloud models with trusted public clouds
       • Data to be hosted on shore in home country
       • Compliance with laws and regulations
       • Minimum standards and levels of service
       • Data control, data security and data access guarantees

  7. Data Protection and Cloud
     • Article 29 Working Party Group – WP recommendation 196
     • Irish, UK, French and Spanish data privacy regulators
     • Risk Assessments and Audits regarding data security
     • Data exports generally not permitted outside the EEA unless:
       • Safe Harbour – sufficiency without proof of application questioned
       • Model Clauses – EEA processor who is not the data importer
       • BCR – suitable for companies within a group structure
     • Identity of sub-data processors, locations and security breaches to be disclosed to data controllers
     • New Draft Data Protection Regulations

  8. Financial Services Regulation
     • Operational Risks - Basel II and III
     • Material outsourcing – critical or important functions
     • Committee of European Banking Supervisors
     • The Markets in Financial Instruments Directive 2004/39/EC
     • Solvency II Directive 2009/138/EC
     • Audit rights by Supervisory Authority must be provided for

  9. Contract Review and Negotiation
     • Limitations and exclusions of liability
     • Choice of law and jurisdiction
     • Service description including SLAs / KPIs
     • Scope and detail of force majeure, down-time
     • Sub-contractors including underlying infrastructure providers
     • Ability to terminate for persistent or material breach
     • Ability to easily migrate data on termination
     • Data back-up, disaster recovery and business continuity

  10. Conclusion
     • Legal and regulatory issues can be managed
     • Testing of systems in advance including data control, encryption, disaster recovery and business continuity
     • Cloud Insurance
     • Contract should be carefully reviewed commercially and legally
     • Legal and regulatory environment likely to change for the better – more facilitative of cloud in the medium term
