Clearing Up the Fog of Cloud Service Agreements

by Daniel Solove, TeachPrivacy
Monday, October 10, 2016

Contracting with cloud service providers has long been a world shrouded in fog. Across various organizations, cloud service agreements (CSAs) are all over the place, and often many people entering into these contracts have no idea what provisions they should have to protect their data. Significant guidance is needed to improve this landscape and bring more order to the chaos. Fortunately, a new standard, ISO/IEC 19086, provides this much-needed guidance.

New ISO 19086-1 Standards Will Help Lawyers Navigate The Cloud

by Bradley Shear, Law Office of Bradley S. Shear
Sunday, October 9, 2016

There are multiple types of cloud-computing models and deployment methods that law firms and their clients utilize. For example, software-as-a-service, platform-as-a-service or infrastructure-as-a-service models may be deployed on a private cloud, public cloud, or hybrid cloud. ISO 19086-1’s framework is comprehensive, yet flexible, which enables lawyers and other risk professionals to feel confident that, regardless of the type of cloud-computing model being utilized, these standards, if followed, will not only inform but also help protect the rights of the parties to a cloud-computing agreement.

Passwords are the weakest link in cybersecurity today

by Michael Chertoff, Chertoff Group
Thursday, October 6, 2016

A closer examination of major breaches reveals a common theme: In every "major headline" breach, the attack vector has been the common password. The reason is simple: The password is by far the weakest link in cybersecurity today.

Meeting the Challenges of Privacy, Security and Compliance in the Cloud

by Doug Miller, Milltech Consulting
Tuesday, October 4, 2016

The dramatic growth in the use of cloud computing services by enterprises of all sizes and industries has created new challenges for corporate privacy and security officers. The economic and strategic benefits of the cloud are too great to forego. However, entrusting critical applications and sensitive data to third-party services requires careful review of vendor compliance with laws, regulations and standards. Balancing the benefits of the cloud with the fundamental requirements of privacy and security demands sustained attention from both sides. In this session, we’ll take an in-depth look at what it will take to build the necessary foundation of trust between user enterprises and their cloud service providers. Join Milltech Consulting's Doug Miller in the first part of this four-part video series from Microsoft at the IAPP and CSA's Privacy. Security. Risk. 2016.

ISO Prepares to Launch Standard Building Blocks for Cloud SLAs

by Jeff Gould
Monday, September 12, 2016

When large cloud customers deal with multiple cloud providers, as they typically do, there is bound to be some conceptual and terminological drift between the different SLAs. An obvious need arises for a standard way of building cloud service level agreements that meets the requirements of both customers and providers. The forthcoming ISO/IEC 19086 is just such a standard for cloud SLAs. A multinational committee of experts has been working on this project since 2013 and is expected to finalize the first of four planned parts this November. The four parts are as follows:

Should U.S. States Store Their Citizens’ Data Overseas?

by Jeff Gould
Tuesday, September 6, 2016

After a recent federal court ruling against prosecutors seeking emails stored abroad, a new case in Virginia again highlights the clash between privacy rights and data sovereignty.

Obama administration can secure another win for data privacy

by Julie Anderson, AG Strategy Group
Tuesday, August 9, 2016

In its final months in office, the Obama administration finalized Privacy Shield with the EU. Now it needs to implement it and work with U.S.-based tech companies to remove any uncertainty about exchanging data across the Atlantic. Then, Congress must take action to improve the process for law enforcement agencies to request email data from U.S.-based tech firms when conducting a criminal investigation. All three branches of government have a responsibility to help digital privacy rights catch up with physical ones. If our government achieves parity between privacy rights across those two spheres, then Americans will be safer and can enjoy the protections of their individual privacy.

Microsoft, Ireland and a Level Playing Field for U.S. Cloud Companies

by Paul Schwartz, Berkeley Law School
Friday, July 29, 2016

After the recent Microsoft v. United States decision, the law faces the task of clarifying questions about the international reach of a variety of legal authorities and processes. In so doing, it should maintain a level playing field for U.S. cloud companies who store their data extra-territorially. There is no policy reason to set a heavier compliance burden on U.S. companies in meeting these requests, the author writes.

The US can’t go stomping on other countries’ laws. Period.

by Paul Rosenzweig, The Chertoff Group
Monday, July 25, 2016

Sadly, however, today threats to the free flow of information across the globe come, not only from authoritarian countries but, also, from misguided actions of Western nations that ought to know better. The latest example of this unfortunate trend is the U.S. government's effort to force Microsoft to provide it with data that Microsoft stored in a data center in Ireland. In December 2013, Microsoft received a warrant from a magistrate in the Southern District of New York directing the company to turn over content and non-content information relating to a user associated with the company's Dublin, Ireland data center. Microsoft produced the non-content material associated with the user stored on its U.S. servers, but objected to the order for content data stored in Ireland. The government's view was that the U.S. government can compel the company, a U.S. based cloud provider, to disclose a user's content data stored outside the United States. Happily, that argument has not carried the day. The United States Court of Appeals for the Second Circuit recently issued a decision rejecting the government's request and allowing Microsoft to refuse to produce the data.

Microsoft Search Warrant Case Is A Win For Privacy

by Bradley Shear, Law Office of Bradley S. Shear
Friday, July 22, 2016

The unanimous 3-0 ruling is a victory for not only personal privacy rights but also for the theory that people’s rights in the physical world should be extended to the digital world. This decision will have a tremendous impact on international technology service providers, social media platforms, apps, law enforcement, and individual users of mobile and cloud-based services.