In Praise of RFPs
The use of the request for proposals (RFP) and its cousin, the request for information (RFI), are both seeing less use these days. This is an unfortunate development. As vendors tighten their flexibility on contracting, frequently...
Who Has Access to Your Cloud Data?
The controversy over Prism and related revelations of the last few days regarding government access to cloud data serve to highlight the importance of addressing the question of “who has access to my cloud data?” in your cloud...
Finding Common Threads in Privacy and Information Security Laws.
The sheer number and variety of laws and regulations that can apply to even small businesses handling sensitive information can be daunting, if not overwhelming. In some instances, it may be almost impossible for even a large,...
Continuing Decline in Cloud Provider Responsibility
I have written previously that one of the primary trends in cloud computing over the last year has been a steady attempt by some, but certainly not all, cloud providers to completely erode most standard customer protections in their...
Ensure Your Data is Securely Deleted
In any instance in which your data may reside on a vendor’s systems (e.g., cloud engagements, hardware rental engagements, etc.), it is critical to ensure that your data is securely removed from those systems (i) when the agreement...
2013 Security Trends
In looking at the security landscape for this year, two trends are clear. Cloud computing and BYOD programs will continue to flourish. Both present a similar challenge to businesses: placing control of data into the hands of third...
CIA in the Cloud
No, this isn’t a post about a secretive intelligence agency. Rather, my reference to CIA is to the well-known acronym in the information security industry to “Confidentiality, Integrity, and Availability” of data. The same language is...
Overreacting to Information Security
If you have been reading my postings for the last several years, you know I am hardly one to be lax when it comes to information security measures – particularly when information will be shared with business partners and vendors. That...
Thoughts on Entering Into Cloud Engagements
Much has been written, including by me, about the risks (and benefits) of cloud engagements. I think a step back maybe in order – perhaps even two steps back. That is, I think it is far too easy to lose the forest for the trees in...
Social Media Hysteria
In late September, California joined the growing number of states enacting laws precluding employers from taking action against employees and job applicants who refuse to turn over their social media passwords without some form of...
Think Carefully Before Collecting Data
In this age of ever plummeting storage costs, some businesses are electing to "store it all" when it comes to consumer data. That is, businesses are storing data regardless of whether there is an actual need with the assumption that...
Money for Nothing: The New Culture of Cloud Computing
Since my last post, I have worked on a number of cloud engagements. In doing so, I could not help but think of the lyrics to that famous Dire Straits’ song “Money for Nothing” because it seems some cloud providers have adopted those...
Cloud Computing: It’s Like the Weather.
Recently, I have come to think of cloud computing like the weather. Everyone talks about it, but no one does anything about it.
Litigation Costs of BYOD Programs
While I hope no business reading this blog is or becomes the subject of a litigation, the reality is that litigation is an everyday occurrence for many businesses. The costs of litigation can be crushing, and not just with regard to...
It’s Official, NIST Says You are Out of Luck Negotiating Cloud Agreements
Well not really, but close. For those of you that missed it, NIST has made several statements about the non-negotiability of cloud agreements. Most recently, in its Guidelines on Security and Privacy in the Public Cloud, NIST said...
NLRB Continues to Scrutinize Social Media Policies
The acting general counsel of the National Labor Relations Board has issued several reports in just the past year highlighting the importance of drafting social media policies to avoid trampling on worker rights. As companies rush to...
App Development and Data Privacy
As almost every type of business is rushing to develop one or more apps for use on mobile devices by their employees, business partners, and/or customers, issues relating to data security are frequently overlooked or given short...
Aggregated Data and the Threat of Re-Identification
I have written before about the risks of clauses in technology contracts giving the vendor broad and, usually, undefined rights in aggregated data of their customers. Specifically, I have talked about the need for specificity as to...
Offshoring in Cloud Engagements Presents New Risks
This week a note caution regarding an unusual trend in some cloud engagements. In several recent transactions, I have seen provisions that put the customer on notice that the provider has one or more offshore affiliates who may assist...
Beware Aggregated Data Clauses in Vendor Contracts
A growing number of cloud and other technology agreements include grants to the vendor of broad and generally undefined rights to take “aggregated data” derived from the engagement and use it for unspecified purposes. Businesses...
