Legal analysts have noted that the technology often matures more quickly than the laws that are currently on the books. Compare the cloud to social media. Over 10 years ago, there were no laws written that specifically talked about social media. Fast forward to today and you’ll see all sorts of cyber bulling laws and other types of laws, that were developed out of necessity due to the rapid adaptation of social media in our technology driven culture.
The cloud is maturing in the same fashion with lawmakers taking a reactive approach. This paradox can create a legal nightmare for a company who wants to scale rapidly but do so within the current context of the law. Since many countries, states and localities have different rules and regulations, it may be wise to begin your cloud research by asking yourself what kind of data you will be housing and if your storage methods are compliant with your local laws and regulations.
Chris McCarty holds a stake in an Eastern Tennessee law firm and he recently wrote an op-ed article for Knoxvillebiz.com. Mr. McCarty looks at the cloud through eyes of an attorney and he discusses some of the litigation risks involved with cloud companies who are trying to operate in the state of Tennessee.
In his article, McCarty wrote, “When negotiating with cloud providers like Amazon, Salesforce or Rackspace, ask the right questions. Have you ever experienced a security breach? What steps were taken to prevent future breaches? How and when would I be informed of a breach? If you fail to ask those questions on the front end, you will kick yourself on the back end.”
These types of questions should always be asked when shopping for public cloud platforms. McCarty went into detail when describing legal concerns for public cloud platforms from the point of view of an attorney in Tennessee.
He went on to note, “Any Tennessee business holding ‘personal information’ (i.e., names, driver’s license numbers, credit card numbers, etc.) ‘shall disclose any breach’ when information is acquired by an unauthorized person, according to statute. A disclosure must be made ‘in the most expedient time possible’ using a letter or email. If the breach compromised more than 1,000 people, you must also notify consumer reporting agencies and credit bureaus. What happens if you ignore this statute? Those whose data was breached — be they employees, customers or clients — can sue you for monetary damages.”
What does this mean? If your public cloud provider has a security breach and it does not conform to local laws in Tennessee, you could be sued by not acting on behalf of your cloud provider according the law. Keep these types of situations in mind when searching out a public cloud platform in your specific area because not knowing the laws could be quite costly down the road.