When the cloud trend erupted, legal questions and red tape surrounded the growing technology movement. Contracts signed between cloud service providers, IT companies like ours and end clients created headaches and uncertainty on who was responsible for what and when an issue did occur which party needed to address it.
We wanted to share with you some of the legal pitfalls and concerns we have stumbled over recently.
Who is responsible for damages from interruptions in service? For the most part, cloud service providers refuse to accept any responsibility or liability for issues. Many of the cloud service providers state in their agreements that liability is non-negotiable and “everyone” accepts it. Even some of the top companies have had challenges collecting monetary liability with one of our colleagues being told to “lump it”. Many businesses are now pushing back stating that lack of acceptance of liability is a “deal breaker.”
Service Level Agreements – A service level agreement (SLA) is a commitment to a stated service level. Basically the cloud service provider is stating that their service will be available for X amount of time. SLAs are often negotiable and will normally be adjusted through pricing. The more you pay, the higher level of service you will receive.
Does availability extend to your business data? – Many cloud service providers will tell you how many redundant servers and service components they have and the level of fault tolerance their cloud services have. Business must continue to exercise due diligence when sourcing cloud services. Cloud service providers are often compared to owners of apartment buildings. The building will burn down, they will rebuild it but they will not replace your valuable memories. The same happens with cloud providers, you may come to work one day to no data if you choose the wrong cloud provider.
Where does your data actually reside? – The European Union’s Data Protection Directive prohibits storing of data outside the boundaries of the EU. Countries such as Canada advise businesses to keep data within the confines of Canada as US government legislation such as FISA allows the US government to review any data stored on US soil or in a foreign country if the hosting provider is US owned. Always ask where the data is stored and do your homework on what rules govern the storage of data.
Can you get out of the deal easily? – Your exit strategy must be thought out. Many cloud vendors have long term contracts resulting in locking you in to a long term and excessive penalties for early termination. Experts state that businesses should try to spread out their cloud hosting across many vendors to avoid being held hostage by cloud service providers. We also recommend verifying the amount of notice you must give prior to termination of your agreement.
Who maintains data for legal or compliance requirements and what happens to your data at the end of your contract? – This is a grey area when it comes to cloud services. Many cloud service providers admit to not having processes in place for litigation, e-discovery or preservation as evidence if a lawsuit occurs and the cloud service provider is subpoenaed. Also how long will your cloud service provider retain your data at the end of your agreement or upon cancellation? Many cloud service providers will delete your data upon cancellation and some offer a grace period of approximately 30 days.
If the service provider changes their service, what happens? – Unfortunately for many businesses the cloud service provider can change their contract terms unilaterally. This happened recently when cloud service provider Level Cloud suddenly announced ceasing selling cloud services through many of our peers, leaving IT firms scrambling to find alternate solutions. We recommend you understand all the potential service changes up front.
Who owns the intellectual property? – IP rights are frequently cited. Provider’s terms specify they own deliverables like documentation. Often issues arise when a business subscribes to a cloud service but writes scripts or tools to access information or to perform certain activities within the application. Always ensure you understand who owns what within your service agreement.
What are the grounds for service termination? – Non-payment is the top reason cloud service providers terminate services and contracts with their subscribers. However, there can be other issues that may pop up from time to time. Material breach, breach of acceptable use policies, or third party concerns or reports of abuse are all examples. We have also seen when the actions of one person have had entire services shut down. Many service providers lack clarity with their offerings, make sure you understand the grounds of termination before signing your agreement.
We hope this helps when you are looking for a cloud service provider. Our team is here to help you make sense of cloud service offerings and we recommend you contact us prior to entering into any cloud agreement.