By Robert J. Scott, Managing Partner, Scott & Scott, LLP

Businesses are focusing on the potential cost savings, profits and agility to be found in the cloud. Cloud contracts expose both the client and the service provider to risks not present in more traditional technology service or software transactions. The transformation from on-premises software deployments to cloud based models hg as widespread implication for data privacy, security, and regulatory compliance.
On January 27th, I will share suggestions on how each party can mitigate, balance or transfer the privacy and security risks in cloud computing in a free webinar Cloud Contracts to Minimize Risk.
Entering into cloud computing contracts without understanding the inherent risks associated with cloud services should be addressed through proper contracting and risk transfer using insurance.
Data Privacy and Security Risks for Cloud Computing Users
The biggest issues with respect to cloud computing are data privacy and security risks. The loss of personally identifiable customer, financial, or health care information can be catastrophic to a business. Related to these concerns are IP and data ownership issues, the right to use data, jurisdiction of stored data and compliance with local law, rights to the data at termination of a contract, and the availability of monetary or other remedies in the event there is a data breach. Before outsourcing application hosting and data storage to a cloud vendor, a customer must be comfortable that the vendor’s platform is secure and that the terms of service protect the customer if things do not go as planned.
The main risk that users face when they place their data and applications on centralized servers in a cloud computing environment arises from the loss of physical control of the data. Once data is out of the users’ hands and in the hands of another party, all of the issues identified above become risk points for the user. The customer has a non-delegable duty to safeguard their customer information. In cloud contracts, end-users entrust this duty to safeguard the privacy and security of their data to the cloud provider while still remaining legally responsible for any losses that occur during the term of the contract.
The four main categories of risk in cloud computing are: business continuity risks, regulatory compliance risks, intellectual property risks, and liability risks.

