In the New York Law Journal, Shari Claire Lewis writes about the legal issues that arise with cloud computing, including privacy questions. (I previously reported on some privacy questions surrounding cloud computing.) Lewis writes:

The trend today is toward something different: Whereas companies may still prefer their employees to be in geographic proximity to urban centers of business and government, the cost of prime real estate, and the availability of fast online interconnectedness in many locations that would otherwise be considered remote, make cloud computing a viable and cost effective alternative. Accordingly, data and data applications that are kept in a cloud may be physically located in one or more remote servers but are nevertheless transparently available to company users.

Data kept in a cloud often is, or may be, shared among, or usable by, multiple parties. It can include information ranging from word processing documents and business presentations to employee or patient health information and tax or accounting records, to schedules, calendars and contacts. The key to cloud computing is the speed with which the data and applications can be accessed, rather than the capacity and speed of a personal computer’s hard drive, as was crucially important in the past.  [...]

Given the explosive growth of cloud computing, it should be no surprise that it presents numerous legal issues for businesses. Two of the most significant are privacy concerns and the implications of cloud computing for pretrial discovery.

As with other forms of “outsourcing,” businesses’ duties to protect private or confidential data do not end with their transfer of the data to third-party vendors for storage or processing.

For example, although the Gramm-Leach-Bliley Act permits financial institutions to disclose confidential consumer information to a third party such as a cloud computing service provider, the terms of any agreement between the financial institution and the provider must be carefully considered. [...]

What undoubtedly can complicate the privacy issues in these and other situations is that the governing law might change depending on the cloud provider’s physical location. Different rules can apply if storage is in a European Union country, arguably subject to the EU’s Data Protection Directive, in multiple states within the United States, or in multiple locations around the world.

This entry was posted on Friday, July 10th, 2009 and is filed under Anonymity, Civil liberties, Fourth Amendment, Identification, International, Security, Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Possibly related posts:

• ACLU of Northern California: Cloud Computing: Storm Warning for Privacy?
• More on Privacy and Cloud Computing
• World Privacy Forum Releases Report on Cloud Computing