Cloud Privacy Contracting

The main evolutionary leap in Cloud services will come from a fusion of both legal and technical maturity.

It’s not enough for CSPs to offer contractual SLAs that dictate how efficiently they will run IT resources or how they will handle outages; they also need to stipulate how they will enable and honor data privacy regulations and best practices.

In short, they will need to be able to offer contracting terms that align with the buyer’s controlling privacy laws, which is what I call ‘Cloud Privacy Contracting.’

Cloud Archiving and Compliance

The need for this is defined in the headline CIO.gov document – Best practices for Cloud contracting (44-page PDF).

This defines a range of best practices that a government agency should follow before contracting with a Cloud Provider. They include technical support aspects but also extend to contractual requirements such as Non-Disclosure Agreements, Breach Response procedures, and in particular how the CSP would handle direct FOIA (Freedom of Information Act) requests.

Consider how the Federal agency and/or the CSP will provide individuals with the right to access and/or amend their records within a CSP environment, under the time frames legally specified in the Privacy Act;

It also calls for E-Discovery: Federal agencies must ensure that all data stored in a CSP environment is available for legal discovery by allowing all data to be located, preserved, collected, processed, reviewed, and produced;

This requires that the CSP has the data preservation and audit log assurance capabilities to deliver verifiable, evidence-ready digital records that can prove their chain of custody and offer an always-on, irrefutable record of all transactions.

This can be achieved through an irrefutable association with an electronic identity record and integration with external Time Stamping Authorities, by adopting relevant Cloud Archiving and Compliance vendor technologies.
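A minimal sketch of the tamper-evident audit log this implies, added here as an illustration and not taken from the CIO.gov document or any vendor product. It assumes per-identity HMAC keys as a stand-in for signatures tied to an electronic identity record, and `anchored_head` as the chain head that would have been submitted to an external Time Stamping Authority; all function names, identities and events are hypothetical.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # "previous hash" of the first record

def digest(body):
    # Canonical JSON so the same record always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def tag_for(key, record_hash):
    # Assumption: HMAC stands in for a signature bound to the actor's identity.
    return hmac.new(key, record_hash.encode(), hashlib.sha256).hexdigest()

def append_record(log, actor, action, ts, actor_key):
    """Append a record bound to its actor, its timestamp and the previous record."""
    prev = log[-1]["hash"] if log else GENESIS
    body = {"actor": actor, "action": action, "ts": ts, "prev": prev}
    h = digest(body)
    log.append({**body, "hash": h, "tag": tag_for(actor_key, h)})
    return h  # current chain head: the value one would have timestamped externally

def verify_log(log, keys, anchored_head=None):
    """Return -1 if intact, else the index of the first record that fails."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: rec[k] for k in ("actor", "action", "ts", "prev")}
        key = keys.get(rec["actor"])
        if rec["prev"] != prev or digest(body) != rec["hash"]:
            return i  # edited, reordered or inserted record
        if key is None or not hmac.compare_digest(tag_for(key, rec["hash"]), rec["tag"]):
            return i  # record not attributable to the claimed identity
        prev = rec["hash"]
    if anchored_head is not None and prev != anchored_head:
        return len(log)  # records missing after the last one present
    return -1

def build_sample():
    # Constructed identities, keys and events, for illustration only.
    keys = {"clerk@agency.example": b"constructed-key-1",
            "admin@csp.example": b"constructed-key-2"}
    events = [("clerk@agency.example", "upload record-17", "2024-01-05T10:00:00Z"),
              ("admin@csp.example", "export record-17", "2024-01-06T09:30:00Z"),
              ("clerk@agency.example", "amend record-17", "2024-01-07T14:12:00Z")]
    log = []
    for actor, action, ts in events:
        head = append_record(log, actor, action, ts, keys[actor])
    return log, keys, head
```

A symmetric HMAC only shows that someone holding the key produced the record; non-repudiation in the sense the text describes needs asymmetric signatures, and the head hash needs a timestamp from a party outside the CSP's control.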
