The issues of confidentiality, privacy and privilege should be part of an organisation’s risk management plan when making the decision to store documents in the cloud.
Businesses are increasing their use of cloud storage solutions. For them, ensuring that a chosen cloud service is compatible not just with their operational and security policies but also with their approach to dispute management will be critical.
If and when a dispute occurs, the organisation will need to access cloud-stored documents, for example, in anticipation of legal proceedings. This is when control of documents becomes an issue, as data in the cloud may be spread across many jurisdictions, out of the direct possession of the organisation.
In such situations, organisations will need to have good risk management processes in place to protect the confidentiality and integrity of sensitive information. Agreements with the cloud provider will need to provide for privacy, security, confidentiality, records management, audits, compensation for data loss or misuse, subcontractor obligations, intellectual property rights, limitations on liability, indemnity, service levels, termination rights and dispute resolution options.
Encryption and password protection protocols are an obvious requirement, as are methods to ensure certain types of data are not transmitted if the information is too sensitive.
Thinking of using cloud storage? Make sure a lawyer looks through your cloud storage agreement.