Business users of Cloud services will need to very carefully consider the terms of service and associated commercial and compliance issues. For the most powerful - often the largest - customers, negotiating terms of contracts will be important. For those with less bargaining power a careful consideration and comparison of the trading terms of multiple vendors will be essential.
Here are some questions to ask Cloud providers when considering your Cloud strategy:
1. Does the flow of data adequately meet the regulatory requirements of each jurisdiction it flows through?
2. What data will be in the Cloud?
3. Does the vendor offer solutions to issues such as de-identifying data for trans-border data flow?
4. Where will the data be stored or processed? Can a commitment be obtained?
5. Who/what is processing the data?
6. Are there multiple Cloud platforms/ parties involved?
7. Can the movement of data be controlled?
8. Should/can the data be encrypted?
9. Who is liable for the data or any security breaches and what are the legal, commercial and reputational risks?
10. Can we access all of the data in the future? For how long will it be retained (and is it long enough for legal and tax purposes)?
11. Do the relevant contract clauses offer any protection — such as by referring to standards of equivalent legislation or model clauses? Do these standards meet our own internal policies?
12. What are the restrictions on the use of data?
Mark Vincent is the lead technology and intellectual property partner and Nick Hart is a senior lawyer with Sydney based new economy law firm, Truman Hoyle.