This document discusses several topics related to cloud computing including:
1) Lawyer ethics of competence and confidentiality when using cloud services.
2) Due diligence processes and compliance considerations for cloud providers.
3) Legal issues involving jurisdiction, data privacy laws, e-discovery, and trade secret protection in cloud computing.
4) Risks of security breaches and data exposure are mitigated through proper due diligence and risk management practices for cloud providers.
Russian Call Girls In Gurgaon â¤ď¸8448577510 âšBest Escorts Service In 24/7 Delh...
Â
Cloud Computing Legal for Pennsylvania Bar Association
1. Cloud Computing
Fred Wilf, Esq., Baer Crossey
Dina Leytes, Esq., Griesing Law
Amy Larrimore, The Empire Builders Group
2.
3. Client-Lawyer Relationship
Rule 1.1 Competence
A lawyer shall provide competent
representation to a client.
Competent representation
requires the legal knowledge,
skill, thoroughness and
preparation reasonably
necessary for the
representation.
4. Client-Lawyer Relationship
Rule 1.6(a) Confidentiality Of Information
(a) A lawyer shall not reveal
information relating to the
representation of a client
unless the client gives
informed consent, the
disclosure is impliedly
authorized in order to carry
out the representation or
the disclosure is permitted
by paragraph (b).
5. Client-Lawyer Relationship
Rule 1.6(b) Confidentiality Of Information
(b) A lawyer may reveal information relating to the representation of a client to the
extent the lawyer reasonably believes necessary:
(1) to prevent reasonably certain death or substantial bodily harm;
(2) to prevent the client from committing a crime or fraud that is reasonably certain to result in
substantial injury to the financial interests or property of another and in furtherance of which
the client has used or is using the lawyer's services;
(3) to prevent, mitigate or rectify substantial injury to the financial interests or property of another
that is reasonably certain to result or has resulted from the client's commission of a crime or
fraud in furtherance of which the client has used the lawyer's services;
(4) to secure legal advice about the lawyer's compliance with these Rules;
(5) to establish a claim or defense on behalf of the lawyer in a controversy between the lawyer
and the client, to establish a defense to a criminal charge or civil claim against the lawyer
based upon conduct in which the client was involved, or to respond to allegations in any
proceeding concerning the lawyer's representation of the client; or
(6) to comply with other law or a court order.
6. Business in the Cloud - Common
â˘Software as a service
â˘Web services
ďźSocial media
ďźLinkedin
ďźWikipedia
ďźGoogle
â˘Platform
ďźPhysical Hardware
ďźCloud - Amazon
7. Security Breach
Generally speaking, it is ⢠Adverse legal, regulatory and
true that the ease of the business consequences
cloud increases
vulnerability â with ⢠Sanctions imposed by
significant consequences: regulatory agencies
⢠Loss of business
⢠Reputational risk
⢠Cost of complying with statutory
notification obligations
⢠Cost of remediation
9. Cloud Fear - Mitigation
On Premise Off Premise
⢠Fire Employee(s) ⢠Sue them
⢠Take the Blame ⢠Blame them
⢠Claim against your ⢠Claim against their
insurance policy insurance policy
10. Due Diligence
⢠Who at the service provider has ⢠Does the provider have a privacy
access to business records? and security policy?
⢠Where is the service provider ⢠What type of security is in place to
located? ensure data breaches do not occur?
⢠Does the service provider comply with ⢠Does the provider have a policy to
all regulatory requirements? be implemented in the case of a
⢠How is the data stored â what is the
data breach?
data flow? ⢠What does that policy provider for
with regards to client operations in
such a case?
⢠What insurance or asset levels exist
at the provider?
11. How does IT Bob Stack up?
Due diligence process for
outside providers tends to
be common.
Many providers are rejected
as part of this process.
Rarely would the internal
alternatives pass if they
were also subjected to
the process.
12. Refusal to Approve
Approval is a ⢠Failure to adequately
assess, approve and implement
point in time, not technology (non-action) is a
an ongoing significant exposure
process ⢠Exposure is reason new technology
is rejected
⢠Secure products become unsecure
in short time frame
⢠New tech presents the opportunity
for more security
⢠Compliance and legal education and
approval cycle process
⢠No case law
13. ⢠Courts are wiling to recognize
Jurisdiction personal jurisdiction based on
What are all the location of cloud computing
locations in which services.
you do business Forward Foods LLC v Next Proteins, Inc., 2008 BL
virtually? 238516 (N.Y. Sup. 2008)
⢠In some jurisdictions when
weighing convenience of a
forum, physical recordkeeping
takes precedence.
Gelmato S.A. v. HTC Corp., 2011 U.S. Dist. LEXIS
133612 (E.D. Tex. Nov. 18, 2011)
⢠Compliance department requires
instruction on these issues.
14. The Cloud and The World
⢠There are no international rules governing cloud
related concerns.
⢠The EU Data Protection
Directive provides that
transfer of personal data
may be made only to
member states and to
jurisdictions with
adequate data security
standards.
⢠The US is NOT currently deemed to have
adequate data security standards.
15. Issues in E-Discovery
⢠Parties that store third party data should not expect
to be shielded from discovery rules
Columbia Pictures, Inc. v. Bunnell, 245 F.R.D. 443 (C.D. Cal. 2007)
⢠FRCP require production based
on âpossession, custody or
controlâ
⢠If responding party has the ability
to obtain data, it may be
compelled to do so
⢠Discoverable information is still
protected by privilege, wherever it
exists
Tomlinson v. El Paso Corp.,245 F.R.D. 474 (D. Colo. 2007)
16. Protection of Trade Secrets
⢠CFAA: Computer Fraud and Abuse Act
⢠What is unauthorized access?
⢠Employees, Third Party Providers, Social Media
⢠Importance of policy vs. hardware controls
U.S. v. Nosal, 642 F.3d 781 (9th Cir. 2011)
⢠Social media
⢠Use or Excessive Use
⢠Social Media Policy
17. Summary
⢠Ethics: Competence and Confidentiality
⢠Matters of Business:
⢠Cloud Fear vs. Risk âSkeletonsâ in IT Closet
⢠Due Diligence and Point in Time Compliance
⢠Matters of Law
⢠Jurisdiction
⢠The Cloud and the World
⢠E-Discovery
⢠Trade Secrets
18. Dina Leytes, Esq.
www.griesinglaw.com
215-732-3924
dleytes@griesinglaw.com
Frederic Wilf, Esq., Partner
http://www.baercrossey.com
215-636-9220
fwilf@baercrossey.com
Amy H. Larrimore, Chief Strategist
The Empire Builders Group
www.amylarrimore.com
www.empirebuilders.biz
215-645-2691 or me@amylarrimore.com
slide design, creativity & general awesomeness powered by: