Liability In The Cloud
By Bob Goldberg, RSPA General Counsel
Recently I downloaded new software for my mobile phone and immediately saw my battery consumption go from numerous hours to three hours per charge. Since I was traveling out of the country, I quickly went to the local store to speak with a "Genius." The solution was to erase everything from the phone and re-install the software. As for my data it was to be uploaded to the Cloud and downloaded once the software was re-installed. My data is extensive and represents confidential information regarding accounts, financing, and clients. How secure was my information on the Cloud? Shortly would I view a news report regarding the lack of cloud security? Have the risks and liabilities been clearly established? Even if they have, are they being effectively communicated? Will a breach of the Cloud become the next PCI concern.
In the traditional software-licensing model, a vendor provides a copy of software code to the end user, who installs it on his or her own servers and purchases maintenance and support for that software from the vendor. In contrast, cloud computing is a different licensing model that may broadly encompass the provision of software, infrastructure, data storage, access and other online resources over a network. However, the term is most commonly used to refer to a licensing model in which an end user has the ability to access online resources on demand, from a third-party cloud provider over the Internet. Because the cloud is a hybrid solution combining software and service, the terms and conditions governing the end user-provider relationship are typically a blend of legal and commercial terms found in both license and technology services agreements. These complex agreements must be crafted carefully in order to mitigate the risks inherent in such contractual relationships.