Legal news and trends for Canadian in-house counsel and c-suite executives
Issue link: https://digital.canadianlawyermag.com/i/98265
in most small or mid-market firms, in-house lawyers wear many hats. However, some things about service level agreements and audit requirements around cloud computing are reasonably standard. ���It���s a commercial contract. To the extent you���re familiar with those traditional areas of law, it will be familiar to you. It���s not that new in this context,��� he says. ���It���s more about what are you asking the vendors to do in relation to the uptime of their systems, the break-fix they���ll do, and so on. Those are things that are not necessarily intuitive unless you���ve done them before. It takes some knowledge of the industry.��� Depending on how you define it, McCarragher says, TD Bank has been using cloud computing services for a long time. This would include situations where vendors would host or manage an application on the bank���s behalf. In some cases data storage is done remotely, either by sites managed by TD���s IT department or by the vendor. Often the latter have been dedicated environments, meaning they are run only for TD, with TD���s data. This segregation or isolation of client data is usually the best way of mitigating many of the risks, as opposed to being part of what cloud providers call a ���multitenant��� environment where data from several different organizations are running in the same servers or data centre. In an ideal scenario, McCarragher says organizations should ensure their cloud computing contract stipulates they retain 100 per cent ownership of the data being hosted or managed by a provider. If that���s not possible, corporate counsel should ensure the right use restrictions are in place. Secondary use of data is just one example. ���You could find yourself in a scenario where your vendor is taking your data and using it to gather business intelligence for certain markets,��� he points out. ���It���s not necessarily illegal, and they may not be doing it in a bad way, but there���s a risk of identification.��� Then there���s the question of where the data might be headed. Frank Giblon, in-house counsel at a construction industry software firm called CMIC Global, said firms sometimes aren���t aware when they sign a cloud services agreement with one provider that they���re actually doing business with a cloud collective of sorts. ���A lot of that stuff from outsourcing carries over and is a starting point, but you have to take it further and look at downstream providers. Where is the data? Is it in India? What have the outsourcers or cloud providers outsourced A Tradition of Business Whether conducting business in Canada or across the globe, Aird & Berlis LLP understands the realities of your work. Our clients benefit from the firm���s solid relationships with major institutions, government authorities and renowned national and international law firm affiliates. We combine the depth and strength of Canada���s largest firms with the creativity and effectiveness of smaller firms. Count on us for legal counsel from a business perspective.�� Eldon Bennett Managing Partner ebennett@airdberlis.com 416.865.7704 Brookfield Place, 181 Bay Street Suite 1800, Box 754 Toronto, ON M5J 2T9 T 416.863.1500 F 416.863.1515 www.airdberlis.com ca na dia nl awy e rm a g . c o m / i n h o u s E ntitled-2 1 themselves? Do you really know where the data is, and does that matter? You have to validate that it���s secure, that it meets the various standards and requirements of whatever your industry is.��� The old world of IT outsourcing had sub-contractors too, Fan notes, but the difference here is that companies can now be locked into multi-party delivery from multiple jurisdictions. ���You used December 2012/January 2013 ��� 31 8/25/11 12:01:27 PM