Navigating the Cloud's Data Security and Legal Hazards
The Legal Intelligencer recently published my article, “Cloud Control: Data Security Hazards and How to Avoid Them,” in their 2017 Cybersecurity Supplement. The article looks at what businesses need to be thinking about in terms of cybersecurity and compliance issues associated with cloud computing – a model that has largely been embraced by the business world as the rule rather than the exception.
The chief risks for businesses associated with cloud computing stem from (a) the ability of unsophisticated individuals to place data in the cloud completely unbeknownst to those in an organization tasked with managing cybersecurity issues, and (b) the temptation to let down one’s guard, believing that the cloud service provider is handling the “hard stuff.” When these risks aren’t controlled, the net result can be compliance and legal issues for companies (along with reputational and financial risk). This includes everything from waiver of the attorney-client privilege, to violations of HIPAA, to running afoul of SEC regulations, and can lead to significant financial penalties, not to mention the havoc it can wreak on customers, clients, and employees.
Companies need not abandon the cloud, nor should they – but there are concrete actions they can take to better manage risk and ensure they have done all they can to lock down sensitive data in the cloud. My article goes into more detail on these risk mitigation strategies, including changing the internal mindset of the organization, training, investing in security, and including all key stakeholders – not just IT, but legal, compliance, risk management – at the table from the beginning when negotiating a new cloud arrangement.
Disclaimer: This post does not offer specific legal advice, nor does it create an attorney-client relationship. You should not reach any legal conclusions based on the information contained in this post without first seeking the advice of counsel.