Contracting with the Cloud: Watertight data storage?

Is the contractual small print a black cloud on our business?

In Part 1 of this post I looked at what “cloud” computing actually means, some cloud options for law firms and an overview of the legal and regulatory position. In Part 2 I look at the contractual issues and risks.

Why is the rest of the business world embracing this readily available and cheap technology whilst we pause? Perhaps its our natural caution and need to understand what devil exists in the detail? Now I can come on to to a big BUT . Here’s that devil.

Let’s go beyond the marketing gas – is there anything solid up there in the clouds upon which we can safely nest that precious data without risk of those business wiping-out fines, embarrassment and admonishment by all?

Does the product match the promise on the packaging?

I’ve had an look at the small print in cloud provider’s service/licence agreements, and so far I haven’t found a single provider who doesn’t exclude all liability for data loss (or limits liability to the purchase value of the product) and strongly advises users to regularly back up all data locally.

And despite the clear “for business” branding in their product advertising, the actual contract terms may state that they do not provide any warranty that their service is fit for any particular purpose, or that it is secure and safe.

Essentially, if it all goes wrong, sorry folks you’re on your own -we’re not responsible, so don’t sue us. The Law Society have also picked out this cloud thinning issue in their Practice Note on cloud computing – see section 6.

That’s the equivalent of law firms saying in their terms of business “by the way, we don’t provide any warranty that our advice or that anything we say or do for you will meet your requirements”. That get-out-of-jail-free clause would lift the burden on our solicitor’s shoulders, but its not really walking the talk.

How watertight is our contract with the cloud?

This places a rather big black cloud over the whole third party data storage option for any other business that holds personal data, unless you may want to rely on a comprehensive data insurance policy that will cover you in the event of getting sued, Data Protection Act fines, etc. Or, you want to rely on trust – why should these big name companies get it wrong? A bit like those banks we trust(ed before 2009)?

Perhaps law firms are not yet ready for cloud computing, or cloud computing isn’t yet ready for us – unless you are big or brave enough to negotiate better terms with your cloud provider; see below on some further reading on this.

Here’s my gauntlet to throw up to the sky. If your product is as good as you say it is; the hackers can’t get in, its Data Protection Act compliant, the data is backed up to the hilt, and 100 top techies can vouch for all this, then do as we do – negotiate an insurance policy that indemnifies you.

Then give us a premium product with a warranty that it is fit for purpose and a liability limit of a few million – that seems fair seeing as we law firms manage at least £3 million worth of liability insurance for our clients. You will then have at least one customer who is prepared to pay a lot more than £5 a month per user.

For now, it seems that true to its name, cloud computing is just not watertight.

Further Reading

The USA is ahead of us on this issue, and of course they have data protection law too. For cloud contracting pitfalls see:

http://www.informationweek.com/cloud/software-as-a-service/5-cloud-contract-traps-to-avoid/d/d-id/1318791#msgs

And also, with relevance to use by lawyers:

http://searchcio.techtarget.com/tip/Cloud-contract-checklist-A-lawyers-perspective

Share this post, like or follow
RSS
Follow by Email
Facebook0
Facebook
Google+
https://www.lawpracticemanager.co.uk/it/contracting-with-the-cloud-is-it-watertight/
LinkedIn6
Martyn

Ben

I set up Law Practice Manager because I enjoy sharing fresh and original opinions and posts on law management issues.
Facebook and Twitter: @LawManager1
LinkedIn group: https://www.linkedin.com/groups/8538343

3 thoughts on “Contracting with the Cloud: Watertight data storage?

  • March 31, 2017 at 1:17 pm
    Permalink

    Well, I can’t agree with this. Our data (ours and client) is on a very secure set of servers (30, which are 100 miles apart from one another, as well as having a long stop of being rebuildable from our own server and backups. WAY more redundant and safe than a normal ‘in house’ data storage, and I don’t think this is untypical.

    Of course, the Ts and Cs limit liability….but the reality is that short of an atomic holocaust, the probability of data loss is extremely small. Hacking is another issue: if some of the most secure systems in the world have been hacked, what chance has anyone? Here the key is detection and backup.

    The same issues will apply to any server connected to the web. What is unique about the cloud?

    No, we don’t guarantee service – if the UK Internet falls over, that’ll be a service interruption…However, we have had (in the last 7 years) less than 10 minutes system outage.

    And we, like other cloud suppliers, do have suitable indemnity insurance.

    The proof of the pudding would have to be the relative safety of physical vs cloud servers. My understanding is that (at least as far as ransomware attacks go), the cloud has a much better record than physical servers.

    Reply
  • Martyn
    March 31, 2017 at 2:17 pm
    Permalink

    Thanks Joe, all good points and I agree its essential to weigh risks for using your own servers versus cloud/a third party’s servers. My point is that there appears to be very few contractual guarantees or warranties that the service is in fact for for purpose of storing client data, and little recourse if things do go wrong. That has to be weighed up against £500k of fines plus getting sued by clients. My observations are limited to some third party providers who offer client data storage including emails and e files.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close