In this article, Timothy O'Toole and John Eustice* discuss the potential violation of export and sanctions laws as companies take advantage of cloud computing services to store electronic information. One particular advantage of the cloud is that data can be dispersed across servers located anywhere in the world. "But the manner in which the cloud transcends boundaries also creates potential dangers when combined with the export control laws, which carefully regulate the export of technical data and software, and which take national borders very seriously," the authors said.

There are a number of questions, including, for example, what happens if a server is located in a country facing U.S. economic sanctions or if the company does not know where their servers are located. "At the current time, unfortunately, these questions have very few easy answers, as U.S. regulators provide very little guidance on the subject," the authors said. O'Toole and Eustice provide several factors that companies should consider before placing sensitive data in the cloud, such as whether servers are located in sensitive countries and whether sufficient steps were taken to ensure data cannot be accessed by others overseas. "Only by carefully considering all of these factors, and potentially incorporating many of them into any contracts with cloud service providers, can companies ensure that they are not inadvertently violating U.S. export controls laws," they said.

*Former Miller & Chevalier attorney