In this article, John Eustice discusses the factors corporate counsel should consider before contracting for cloud computing services and allowing electronic data to be moved and accessed across borders. "The primary focus of most data privacy laws is consent -- in order to process an employee's personal information, the employer i.e., the 'data user' generally must first obtain the employee's i.e., the 'data owner's' consent to do so," Eustice said. The author suggests that companies understand the security and reporting requirements of each implicated data privacy regime and research the enforcement mechanisms and potential penalties tied to any transgression of an applicable statute.
Before placing company data in the cloud, Eustice said companies should consider the following four issues -- data security, data location, data oversight and data control. "By considering each of these four issues, and by reviewing and understanding the data privacy and protection laws that apply to your corporation's data, you can help reduce the risk of sanctions or heavy consequences for inadvertent missteps," he said.