Safety In the Cloud

FindLaw columnist Eric Sinrod writes regularly in this section on legal developments surrounding technology and the internet.

The cloud computing technology currently available is carrying us into the future in terms of the remote off-site handling and storage of our data.  But are we safe in the cloud?  Is our private data secure?  Good questions

According to a recent survey commissioned by Microsoft, while 58% of the general population and 86% of senior business leaders are excited with respect to the prospect of the cloud computing technology now available, more than 90% of them are worried about the security, privacy and access of their cloud data.  The survey also revealed that the majority of respondents would like the federal government to create laws, rules and policies specifically governing cloud computing.

Following up on these results, Brad Smith, Vice President and General Counsel for Microsoft, has called for a "national conversation" designed to create confidence in cloud computing and he has proposed a Cloud Computing Advancement Act to address cloud privacy and security.

Features of the proposed legislation would include:

• Enhanced privacy protection and data access rules to protect privacy, while specifically strengthening the Electronic Communications Privacy Act;
• Updating the Computer Fraud and Abuse Act to give law enforcement officials the tools they need to pursue hackers and to deter Internet crimes;
• The adoption of truth-in-cloud-computing principles to allow consumers and businesses to understand how information will be accessed, used and protected by service providers; and
• Efforts to create a grapple with cloud computing data protection issues on a global basis.

Frankly, some of the laws on the books, like the flexible Computer Fraud and Abuse Act, already can be triggered to provide legal protection and recourse in the relatively new cloud computing era.  And while Microsoft may be trying to get out front of the issue to generate favorable PR for its own business practices, that is not a bad thing. 

There certainly is no harm in generating a "national conversation" about cloud computing and the protection of data in the cloud.  Whether any of the proposals by Mr. Smith of Microsoft actually gain traction remains to be seen.  But the conversation could lead to some goods ideas that ultimately are worthy of implementation.

Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP (http://www.duanemorris.com) where he focuses on litigation matters of various types, including information technology and intellectual property disputes.  His Web site is http://www.sinrodlaw.com and he can be reached at ejsinrod@duanemorris.com.  To receive a weekly email link to Mr. Sinrod's columns, please send an email to him with Subscribe in the Subject line.
This column is prepared and published for informational purposes only and should not be construed as legal advice.  The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

Related Resources:

• Online Protection for Your Company's Confidential Information (FindLaw's Free Enterprise)
• Microsoft's Danger and T-Mobile Sidekick Users' Data  (FindLaw's Common Law Blog)
• 3 Questions in Determining Liability in #Twittergate  (FindLaw's Technologist Blog)