Home Knowledge Cloud Computing – What Should You Consider?

Cloud Computing – What Should You Consider?

Cloud computing is a way of using an internet service provider’s software or infrastructure, thereby reducing your own IT costs.   It is fast evolving as a realistic and attractive alternative to the traditional IT model across all sectors, including the insurance industry. 

When entering into a cloud computing contract, there are a number of essential legal points which both cloud computing providers and businesses should bear in mind.

Good reputation and track record?

Businesses should conduct a due diligence process on the cloud computing provider in order to assess consistency and quality of service, as well as ability to meet the necessary demands. This will assist in identifying potential issues at the outset.

What services will be provided?

Cloud computing services should be defined with sufficient clarity in the contract in order to ensure that the obligations of the cloud provider are clear. Performance assurances should be explicit as this will ensure both parties have the same expectations.


Cloud computing providers typically have broad exclusions of liability in their terms of service. As cloud computing creates challenges of trust, accountability and compliance, businesses should review liability clauses in the contract to ensure that they sufficiently protect the business from issues such as loss of access and technical failures outages and technical failures.

Data Protection

The very nature of cloud computing is such that it almost certainly will involve the processing of personal data, and this is likely to be prevalent in the insurance industry. Assurances should be sought that personal data will be processed in compliance with applicable data protection legislation.  Businesses, as data controllers, are entrusting personal data to the cloud provider as a data processor. They must establish a process to ensure that the cloud provider has appropriate technical and organisational measures in place in order to prevent unauthorised or unlawful processing along with accidental loss or damage to personal data.

Sharing and transferring data within the ambit of a cloud can create legal issues surrounding the general restrictions on transfers of personal data outside the European Economic Area (EEA). Businesses should be aware of the fact that it is very difficult to determine the geographic location of specific data within the cloud environment.


Data security is a key requirement for businesses, regardless of the nature of the data being stored by the cloud provider. A data security breach can have significant reputational and financial repercussions for businesses, so adequate security measures should be negotiated prior to the handing over of data.

By being aware of these issues, cloud computing providers and insurance companies can seek to implement a mutually advantageous contract which will achieve the necessary standard of compliance and minimise exposure to risk in the event of loss or damage.

Contributed by David Cullen.