Legal issues in cloud computing - Essay Example

Legal issues in cloud computing Testing A hardware purchase contract is an agreement that covers the purchase and supply of IT products. Since the hardware is individual equipment, it may be possible for the buyer of the IT product to test the equipment before accepting the contract. If the proper functioning of the equipment depends on its compatibility with other equipment, it may be appropriate for the customer to test the equipment’s functioning onsite after installation and reject it if it fails to perform as required.

If this is the situation, the contract should include proper acceptance testing clauses. Such clauses usually require the customer or a supplier to test the equipment according to specified testing procedures. The supplier is also required to rectify any defects on the equipment or allow the customer to reject the equipment and get a refund (Salido 21).Data integrityThere is always the risk of accidental or deliberate, but unauthorized destruction or modification of data by rogue employees of the provider.

Such events compromise the quality of correctness, accuracy, completeness and the integrity of the data. In its contract, the customer should consider which party is best placed to handle those risks and, therefore, whether the arrangement with the provider should require the supplier to be accountable for the losses (Salido 22). Trade secret/ConfidentialityA client may have statutory obligations to keep certain information confidential. Therefore, it is necessary that these obligations are also transmitted to the provider in situations where the provider is accessing or storing the customer’s data.

Normally, the customer will want the provider to meet a minimum level of discretion for the customer’s information. In cases involving sensitive information, the degree of protection will need to be stronger.ImplementationAll systems of protection stated in this paper may potentially be insignificant unless the customer can approve that the required information security requirements are being satisfied. Audit of providers is one way of ensuring conformity. Audit of such arrangements is, however, likely to be complicated by location of the data- which may be mysterious to the client and could be located in foreign countries (Salido 23).

Ownership of dataData ownership is the possession of and accountability of information. It denotes power as well as management of data. The supplier may own all of the property rights in the software or the supplier may be licensed to grant the license to the customer. It is essential that the supplier give the customer a permit that it has all the entitlements to grant the license to the customer. The supplier should also give a warrant that use of the software by the client in accordance with the agreement will not violate the property rights of any person (Salido 23).

ResponsibilityIt is possible for cloud computing services provider to lose data through circumstances such as operator or technical error as well as fire or other disasters. While the possibility of such problems occurring can be reduced by the provider ensuring data back-up and proper hardware maintenance, it is appropriate for the customer to consider how to address data loss or misuse in its contract with the provider (Salido 23). A customer should consider which party is best placed to handle those risks and, therefore, whether the arrangement with the provider should include an indemnity from the provider in respect to misuse or loss of information as a result of an illegal, willfully wrong act or omission of data and negligence of the provider (Salido 23).

Data securityService providers may fail to perform the services either satisfactory or in time and, as a result, incur the customer some monetary damage. It may be proper for the client to manage the possibility of a service provider causing loss by obtaining from the provider an amount paid on signing the contract as a security deposit. This money would be used by the customer if the provider causes them loss or returned to the provider at the close of the arrangement (Salido 24).Allocation of liability risk and service availabilityCloud service agreements always seek to reduce their provider’s accountability for any damage that results from the provision of the service.

This includes excluding indirect, consequential losses-including data loss-, setting low liability caps- sometimes excluding liability completely- and not excluding major types of liabilities from any liability cap. Agencies should seek to comply with commonwealth’s policy on capping supplier liability in its contracts (Salido 25). Service levels are an effective way of ensuring providers satisfies the level of service expected by the customer. Service levels have to be relevant. They need to compute performance that is important to the client/agency.

The supplier’s performance against service levels should be auditable and be able to be determined easily (Salido 26). Work CitedSalido, Javier; “Data Governance for Privacy, Confidentiality, and Compliance: A Holistic Approach,” ISACA Journal, 6.1 (2010): 20-25 Print.