The computer world always seems to develop creative and
descriptive labels for new service offerings. 'Cloud
computing' is a recent service offering to emerge and be so
labeled.
Think of a cloud as something that, while not solid, can't
be seen into or through. This is a useful way to approach
'computing in the cloud'.
The consulting firm Gartner, Inc. defines cloud computing as
"a style of computing where scalable and elastic IT-enabled
capabilities are delivered as a service to external customers using
Internet technologies".
In practical terms, cloud computing is a business model whereby
a customer:
- contracts with a third party to store the customer's data
  on the third party's computer system, which could be located
  anywhere;
- uses a computer or other device to access that data through the
  Internet only when it needs to do so, but from virtually anywhere
  so long as there is Internet connectivity;
- reduces (potentially significantly) IT costs, since there is no
  longer a need to own a computer system to store and process its
  data and typically the third party is paid a fee that is based on
  how often the customer accesses the third party's system;
  and
- relies on the third party to protect its data, wherever it may
  be.
From a lawyer's perspective, this is outsourcing on
steroids!
While there is no doubt that the proponents of cloud computing
are able to argue the benefits of the 'significant reduction in
IT-related costs' and 'access anywhere' attributes,
these benefits are typically accompanied by a number of significant
risks for customers, including:
- The cloud computing business model is predicated on cost
  reduction for customers. In order to offer very affordable 'pay
  as you go' fees to its customers, a cloud computing service
  provider needs to minimize its own costs. This means that there is
  an incentive to 1) locate its computer systems in low cost
  jurisdictions (typically not here in Canada!), 2) offer the service
  using standard form, non-negotiable contracts, and 3) include in
  these contracts provisions that limit its liability as much as
  possible. Bottom line – these are not customer friendly
  contracts!
- Most private sector organizations carrying on business in
  Manitoba, including those in the construction industry, have
  privacy obligations under Canada's Personal Information
  Protection and Electronic Documents Act, otherwise known as
  PIPEDA. These obligations include being "responsible for
  personal information in [your] possession or custody, including
  information that has been transferred to a third party for
  processing", and using "contractual or other means to
  provide a comparable level of protection while the information is
  being processed by a third party." While some cloud computing
  agreements include provisions that refer to protection of personal
  information, others don't. More importantly, even those that do
  also include other provisions that limit the service provider's
  liability in the event of a privacy breach to a very low amount.
  Finally, legislation to amend PIPEDA is currently before
  Parliament. Among other things, this legislation will impose an
  obligation on organizations to advise the Federal Privacy
  Commissioner and individuals of a privacy breach in certain
  circumstances.
- Some regulated industries entitle the regulator to conduct
  periodic audits of the data holdings of organizations in that
  industry. Such an audit can only be conducted if access is provided
  to the computer system where the data is being stored. Such access
  is typically never contemplated by a cloud computing
  agreement.
Given these risks, organizations can't just focus on cost
reduction when considering whether or not to engage in cloud
computing. Quite to the contrary, it is recommended that cloud
computing only be considered by an organization if it has been
properly advised as to the risks associated with that agreement. In
addition, unless the agreement provides appropriate protection
(which may be very difficult to negotiate, given the cloud
computing business model), it is also recommended that cloud
computing never be utilized where the information proposed to be
put into the cloud is highly sensitive.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.