Category

Cloud Computing

Category

On January 17, 2017, the Canadian Radio-television and Telecommunications Commission (the “Commission”) published Telecom Regulatory Policy CRTC 2017-11 (Application of regulatory obligations directly to non-carriers offering and providing telecommunications services) (“Policy 2017-11”).Under Policy 2017-11, the Commission directed resellers (also known as non-carriers), as a condition of offering and providing any telecommunications services in Canada, to abide by all applicable existing consumer safeguard obligations set out in Policy 2017-11, including the obligation to register with the…

In October 2016, federal authorities released two important guidance materials for businesses handling health information to consider. The Department of Health and Human Services, Office for Civil Rights (“OCR”) released guidance on (1) the application of HIPAA to cloud computing, and (2) the importance of the Federal Trade Commission Act (“FTC Act”) in the context of sharing protected health information (“PHI”). These materials are important because OCR is responsible for enforcing the Health Insurance Portability…

For the third year running we have undertaken our Cloud Survey, in which we reach out to individuals within our firm clients and partner organisations in the cloud services space. We use the survey to uncover trends in this important marketplace, and to understand buyers’ and providers’ key objectives, hesitations and criteria for procurement and contracting. While this year a greater majority (66%) of survey respondents were in a legal role, procurement, marketing, IT, InfoSec and…

Fact is that customers have a legitimate need to reserve a right to audit the cloud service provider’s compliance measures. But, it is also a fact that the service provider may not let customers into its data centers or systems because that would impair the security of other customers’ data. Also, individual audits would be unnecessarily disruptive and costly. As a compromise, cloud service providers can arrange for routine, comprehensive audits of their systems by…

Fact is that service providers may not always be able to limit their liability vis-à-vis the data subjects in scenarios where they contract with corporate customers and not the data subjects themselves. If hackers gain unlawful access to information residing in a hosted database, the service provider may be liable directly vis-à-vis the data subjects under negligence theories (if and to the extent economic harm resulting from data access is covered by tort liability under…

Fact is that many organizations find it difficult to stay in control over modern IT systems, whether they hire service providers to provide IT infrastructure or whether they host, operate and maintain systems themselves. Even with respect to self-operated systems, most companies usually have to work with support service providers who have to be granted access to the systems and data to analyze performance problems, troubleshoot errors and provide support and maintenance. Most companies find…

On 3 June 2016, the US Commerce Department’s Bureau of Industry and Security (“BIS”) published a Final Rule (the “Final Rule”) affecting the application of the Export Administration Regulation (“EAR”) to certain uses of cloud computing for the storage of controlled technology and software. Specifically, the Final Rule carves out of the EAR licensing requirement cross-border transfers of encrypted technical data. This rule goes into effect on 1 September 2016.By way of background, BIS has…

We are delighted to announce the launch of our 2016 Cloud Computing Survey, which is now open for participation. Please click here to participate in the survey.What is the survey about?Our goal is to generate and share with our audience useful, real-world insights into the world of cloud computing. The survey questions focus on concerns about using cloud computing solutions, reasons for switching to cloud computing solutions, cloud contract terms and negotiations as well as…

Fact is that data privacy and security laws primarily hold the data controller responsible for compliance – i.e., the customer in a service provider relationship. The customer has to ensure that the data made available to the service provider has beencollected in compliance with privacy laws, data subjects have consented or received notice, filings have been made, etc.The service provider – as the data processor – has typically only three duties under data privacy laws:…

Fact is that some tax, bookkeeping and corporate laws in some jurisdictions historically required certain records to stay in-country. But such requirements apply only to certain kinds of records and they generally do not prohibit the transfer of data into the cloud so long as originals or back-up copies are also kept local. If, and to the extent, such laws apply, copies of records may still be uploaded into the global cloud solution, whether self-hosted…