Everyone is talking “Cloud”

How secure is your data?

Bianca Mueller, LL.M.

Benefits of the cloud

• Scalability

• Access everywhere in the world

• Improved backup/disaster recovery

• Reduced infrastructure costs

• Software is always up to date

• May save cost in the IT department

• Potentially more secure then your back office server

• Faster and higher quality servers

Due diligence and risk management • Trust and security

• Type of cloud service

• Type of business / industry

• Risk adversity

• Business objective and long term vision

• Commercial value of data

• Reliability of connectivity

• Reliability and trustworthiness of the service provider

Risks• Security and Trust

• Jurisdictional issues

• Cross border privacy concerns

• Contractual Issues

• Lock in and document retention

• What happens if the cloud service provider goes out of business?

• Regulatory compliance

• Service reliability and connectivity issues

Cloud Computing Landscape

Applications

Storage

Computing

Development platform

What happens if your Service Provider goes bust?

• Will you get your data back?

• Can your data be easily transferred to another provider?

• Information may not be available to you anymore (e.g. Mega)

Tip

• Conduct proper due diligence and risk management

The value of your data

• Designs, plans, specifications, drafts, moulds

• Research data

• Operational and administrative data

• Billing information, price lists etc.

• Source code, financial statements, and business plans

• Everything that has actual or potential commercial value to your business

Lifecycle of your data

• What business information does you business create and keep

• And what is happening with this information after it has been created?

• What’s its value (and are you leveraging it)?

• What is your Return on Investment?

Tip

• Classification of data into categories will determine the type and degree of risk and how you should manage it

Risks to your data

• Theft (external / internal threats)

• Employee negligence

• Unsecured mobile devices

• Government access (e.g. NSA)

• Technical and natural disasters

Tip

• Prioritise the confidentiality, integrity, and privacy of your information

Dealing with confidential information

• Contractual or statutory obligations to keep particular information confidential

• Employees, contractors, business partners

• Accountants, lawyers, GP’s or other health professionals

Tip

Using cloud services must not compromise your duty of confidentiality

Privacy concerns• There is no “OOPS” clause in privacy legislation

• Privacy breaches are always costly

• Negative impact on your reputation

• Loss of customer’s trust in your brand

Tip

• Seek advice on your organisation’s privacy obligations and ensure that your staff understands these obligations

• In 2012, 5.4 million Australians were victims of cybercrime

• Cost of cybercrime being as high as AUS $2 billion per year

Tip

Because of high risk and high cost, you should prioritise confidentiality, integrity, and privacy of your data

Financial Records

• Financial records must be kept in New Zealand for at least 7 years

• Cannot be stored in DropBox, Google Drive etc.

• Exemptions: Brookers, MYOB, Xero, Reckon New Zealand, Cargo Wise New Zealand, CCH New Zealand, Farm IQ Systems, and Technology One

Small contract, big liability?

• You are responsible to ensure the security, encryption, and back-up of your data

• It’s not the cloud provider’s responsibility

Tip

• Ensure that you fully understand your contractual liabilities and how they might affect your business

• Read the fine print – It may surprise you!

Mitigating risks in the cloud

• Be smart and involve people with the rights skills in making cloud decisions

• Conduct an impact assessment to determine the most appropriate cloud environment

• Know your data and decide what can go into the public cloud

• Don’t put all your eggs in one basket

• Ensure that you fully understand the technical, commercial and legal risks

• Monitor the cloud provider’s activities and plan for cloud outages

• Back up, encrypt, and bring your own key!

About LawDownUnder –tailored legal advice for the IT-Industry

LawDownUnder is a law firm specialising in technology, intellectual property, commercial, and international law. We offer tailored legal advice for innovative businesses with a focus on commercial and international contracts relating to IT. We help you contract more effectively and save you time and money.

At LawDownUnder, we understand the commercial environment in which our clients operate which is crucial in providing effective commercially focused legal advice. Our extensive experience in the IT industry sets us apart from most other lawyers and helps us to find solutions that are tailored to your specific needs.

What ever the size, we can deliver a commercially cost effective solution for every client. We are small, but specialised. No overheads, just best industry practices.

Smart legal advice for innovative businesses

Bianca Mueller, LL.M.

Twitter: @LawDownUnder

bianca@lawdownunder.com

Information technology law

Drafting and risk analysis of commercial IT contracts

Trademark and copyright law

Protection of ideas, trade secrets, and confidential information

Advice on information security and data protection

European privacy and technology law