Are Cloud Service Providers Obligated To Protect Your Data?

A Quick Glimpse Into The Cloud

Whether you realize it or not, you have used a cloud-hosted app. Gmail and Hotmail are on a cloud. Twitter is on a cloud (even though the jury is still out in the developer community on how well it has been implemented). A lot of Application Service Providers (ASPs) out there have taken advantage of this technology. And why not? Cloud hosting commonly uses the pay-as-you-go model, which for some is much better than paying a flat rate for a host that can guarantee redundancy and reliability. After all, you are paying for reliability. If your app is on a cloud, it essentially spans multiple servers. If one server goes down, your app continues to run. If you get hit with a massive, unprecedented number of users, the number of servers will expand to accommodate them. These Cloud Service Providers lease out the space, computing power, and bandwidth to you… and to many app providers just like you. Several $1M questions arise. How secure is your app? How secure are the servers that your app runs on? After all, there could be thousands of them.

Are You Protected?

When asked whether users should be sharing information with Google as if it were a “trusted friend,” Eric Schmidt, then-CEO of Google, Inc. (one of the major cloud service providers), responded, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

Taking this view into account, you have to wonder exactly how protected you are, and by whom. Yakov Ginzburg recently had an article published by the American Bar Association that addresses this very subject eloquently: Knocking on the Cloud’s Door – Obligations of Cloud Service Providers to Maintain the Privacy of Information Entrusted to Them. The good news, as Yakov explains it, is that there are laws and regulations that may protect you, but there are some things to consider.

The United States has multiple laws in place that protect your data. There is the U.S. Constitution with the First and Fourth Amendments, even though the Fourth Amendment protects you against searches of your own hard drive, whereas here you are entrusting your data to these providers.

There is also the Stored Communications Act (SCA), which “generally prohibits electronic service providers from disclosing their customers’ information without a warrant and a prior notice to the customers.”  There are also a couple of gray areas here, including distinguishing between content data and non-content data.

There are a number of other laws, both state and federal, that offer protection to you, but the most significant point that Yakov makes is that outside of the U.S., there are different laws which may offer you some protection, or in some cases, none at all, depending on the country.

The moral of the story is this. Due to the nature of Cloud computing, servers housing your data can span the entire globe. And since laws vary from country to country, you must carefully read the entire agreement that you are signing with your Cloud Service Provider to ensure that you are protected no matter where the servers reside.

I highly recommend taking a look at Yakov’s article in its entirety, as there are a lot of other laws that he outlines that may be worth looking at, especially if you are storing other people’s sensitive information like credit cards or healthcare information.
