Law Society cloud computing guidance: extra tips

The Law Society of Scotland recently issued guidance on cloud computing services following consultation with law firms, in-house counsel and cloud providers.

While some of the guidance inevitably reflects the particular duties that law firms owe to clients and regulators, the advice is clear and legible, there are no rubbish cloud puns, and overall it’s a valid read for any individual or organisation considering the acquisition of cloud computing services.  

There are however a few extra tips which it won’t hurt to mention.

Applicable law

Surprisingly, the guidance doesn’t mention applicable law and/or jurisdiction. Even a largely favourable contract may not be worth the paper it’s written on if you have to travel to a foreign country to enforce it, and the vast majority of cloud providers will typically offer the law of a particular US state as the choice of law in their standard terms.

Choice of law is usually more significant for UK SMEs or corporate customers because, unlike consumers, they won’t necessarily be protected from terms imposing a foreign legal system. (A further disadvantage of contracting on terms governed by US law is that they usually contain very broad disclaimers of warranty and/or limitations of liability.)

Data back-up

The Law Society guidance refers to back-up of data, noting that “you should carefully examine the SLA for the frequency the cloud provider will back up your data to a separate site”. I would go slightly further and say that you should check whether there is an obligation on the provider to back up data at all!

Some providers state that data integrity will only be guaranteed where the customer has paid for additional backup services, while others expressly disclaim the fitness of their services for back-up purposes! It’s therefore important that you understand who is responsible for maintaining back-ups, and if the provider’s offering is not sufficient what alternative steps can be taken.

Encryption

Under the heading “responsibility for security” the Law Society guidance encourages firms to understand “the measures you can take to protect the security of your data “. Again, it may be necessary to go even further, and make sure that there are no express statements in provider terms which either disclaim any duty of confidentiality, or oblige the customer to use encryption.

If I have piqued your interest in the cloud, the Law Society is holding a Cloud Computing Glasgow event next Tuesday. I may see you there.

0 Responses to “Law Society cloud computing guidance: extra tips”



  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




Twitter: @BrodiesTechBlog feed

March 2012
M T W T F S S
« Feb   Apr »
 1234
567891011
12131415161718
19202122232425
262728293031  

%d bloggers like this: