By Richard P. Goldberg

      As cloud computing becomes more prevalent, security and privacy are losing ground to marketing. Cloud computing may be the future; but with it come serious, non-obvious security, privacy, and legal problems. And in the rush to adopt and adapt, it seems that CEOs (and a disturbing number of CIOs) don't know what these issues are; marketing people don't care; information security people have a good handle on most of the security issues, though they don't yet know how to fix them; and nobody is talking about the legal issues. These legal issues can create security vulnerabilities, and the security issues can create legal vulnerabilities. It's a mess.

      Although there is disagreement about what constitutes true "cloud" computing, and there are legitimate gray areas, these distinctions do not matter. The things that are cloud computing, and the things that just look like cloud computing, are all subject to the same basic risks, which stem from a combination of two essential characteristics of cloud computing: (1) third-party storage and access; and (2) a lack of transparency and control. This is a potentially dangerous combination.

      While many organizations see cloud computing as a seemingly simple, low-cost alternative for storing, protecting, and providing access to their most important information, the legal and privacy concerns are largely being ignored. This talk addresses the following questions, among others: What legal risks are created when your data is located "elsewhere"—and you don't know more than that? Can you outsource your data storage and access consistent with your company's privacy policy? Can using cloud computing cause you to violate federal, state, or international data-privacy laws? Can you do everything right and still create unreasonable risks to your company? Who will be responsible if—or, more likely, when—something goes wrong? What precautions can you take to solve these problems? And will that be enough?

      This talk is a discussion of the less-obvious legal risks inherent in storing and accessing data in the cloud. It focuses on real-world problems—and solutions, if any exist. The aim is to foster a greater understanding of the relevant issues, legal and privacy risks, potential solutions, and which problems do not have solutions.

      The slides from this talk are available for download here, video here, and audio here.

      Attorney Advertising: This material has been prepared for general informational purposes only and is not intended as legal advice.