Home Knowledge Cloud Computing – What Should You Consider?

Cloud Computing – What Should You Consider?

June 1, 2011
Partner
David Cullen

Cloud computing is a way of using an internet service provider’s software or infrastructure, thereby reducing your own IT costs.   It is fast evolving as a realistic and attractive alternative to the traditional IT model across all sectors, including the insurance industry. 

When entering into a cloud computing contract, there are a number of essential legal points which both cloud computing providers and businesses should bear in mind.

Good reputation and track record?

Businesses should conduct a due diligence process on the cloud computing provider in order to assess consistency and quality of service, as well as ability to meet the necessary demands. This will assist in identifying potential issues at the outset.

What services will be provided?

Cloud computing services should be defined with sufficient clarity in the contract in order to ensure that the obligations of the cloud provider are clear. Performance assurances should be explicit as this will ensure both parties have the same expectations.

Liability

Cloud computing providers typically have broad exclusions of liability in their terms of service. As cloud computing creates challenges of trust, accountability and compliance, businesses should review liability clauses in the contract to ensure that they sufficiently protect the business from issues such as loss of access and technical failures outages and technical failures.

Data Protection

The very nature of cloud computing is such that it almost certainly will involve the processing of personal data, and this is likely to be prevalent in the insurance industry. Assurances should be sought that personal data will be processed in compliance with applicable data protection legislation.  Businesses, as data controllers, are entrusting personal data to the cloud provider as a data processor. They must establish a process to ensure that the cloud provider has appropriate technical and organisational measures in place in order to prevent unauthorised or unlawful processing along with accidental loss or damage to personal data.

Sharing and transferring data within the ambit of a cloud can create legal issues surrounding the general restrictions on transfers of personal data outside the European Economic Area (EEA). Businesses should be aware of the fact that it is very difficult to determine the geographic location of specific data within the cloud environment.

Security

Data security is a key requirement for businesses, regardless of the nature of the data being stored by the cloud provider. A data security breach can have significant reputational and financial repercussions for businesses, so adequate security measures should be negotiated prior to the handing over of data.

By being aware of these issues, cloud computing providers and insurance companies can seek to implement a mutually advantageous contract which will achieve the necessary standard of compliance and minimise exposure to risk in the event of loss or damage.

Contributed by David Cullen.

Recommended Insights

See all
Article and Insights
1
Feb 2024
Responsible Business Annual Report 2023
William Fry is pleased to launch its Responsible Business Annual Report 2023.
Article and Insights
2
Feb 2024
Digital Operational Resilience Act – second batch of technical standards launched for consultation
We focus on the second batch of draft implementation measures announced by the Eur...
WF_author_blank
Partner
John O’Connor
Article and Insights
2
Feb 2024
John Delaney Documents – Supreme Court Refuses Leave to Appeal
The Supreme Court has refused leave to appeal from a decision rejecting John Delan...
WF_author_blank
Partner
Deirdre O’Donovan
Article and Insights
24
Jan 2024
Cross-Examining Affidavit Evidence in Insolvency Cases
The High Court recently dismissed a petition seeking the winding up of a biofuel c...
WF_author_blank
Partner
Fergus Doorly
prev
next
See all