Contracting for Cloud Computing Services

Nearly every day, businesses are entering into arrangements to save the enterprise what appear to
be significant sums on information technology infrastructure by placing corporate data ‘‘in the cloud.’’ Win-win, right?  Not so fast.  If it seems too good to be true, it probably is.  Many of these deals are negotiated quickly, or not negotiated at all, due to the perceived cost savings.  Indeed, many are closed not in a conference room with signature blocks, ceremony, and champagne, but in a basement office with the click of a mouse.  Unfortunately, with that single click, organizations may be putting the security of their sensitive data (personal information, trade secrets, intellectual property, and more) at risk, and may be overlooking critical compliance requirements of privacy and data security law (not to mention additional regulations).  My article "Contracting for Cloud Computing Services: Privacy and Data Security Considerations," published this week in BNA's Privacy & Security Law Report, explores a number of contractual provisions that organizations should consider in purchasing cloud services.  You can read the full article here, reprinted with the permission of BNA.