Moving your network and data to an external provider’s building doesn’t make you immune from the...
Legal Risks With Third Party Vendors
When placing your company's data and operations in the Cloud, you don’t evade legal responsibility just because you no longer control the network and your data. "It's not my network" may not be as strong of a defense as you would hope.
You could assume certain legal risks if your Cloud or Software as a Service provider behaves unethically, illegally, recklessly, irresponsibly or negligently.
Your customers could take you to court for perceived harm from actions or in-action by your CSP. Authorities could fine you for activities by your CSP that violate your customers' rights. In some cases, you could face criminal culpability.
If your CSP commits violations including copyright infringement, security and privacy violations, or loses or mis-manages data, or can’t comply with e-Discovery requests, you could be held accountable.
In addition, you must pay close attention to the Agreement you sign with your CSP. Much of your legal risk will be in that Agreement as IT companies in general stack their contracts with terms favorable to them.
As Elizabeth Ebert, the CIO Advisory Partner for Infosys Consulting, said to Information Week in August 2022, “The cloud providers have all been very effective in terms of limiting any damages that the end user is going to be entitled to in the contract.”
Even though you might experience 4- to 6-figures in losses due to the CSP’s errors or omissions, those terms typically limit your recovery to something like one month’s service fee.
At the same time, pay attention to the length and renewal terms of your Cloud or SaaS agreement. CSPs have been known to automatically renew contracts well in advance of the expiration of the existing one, by as much as 60-120 days.
So, make sure your attorney reviews that Agreement and always perform due diligence on the vendors, including any previous lawsuits against them, as part of the VRA.
For more information about performing a VRA on Cloud and SaaS vendors, grab your FREE copy of our e-Book, "Find Your Cloud 9's", which offers a mini-guide to the VRA process.
To set up a Reference Interview on the questions you have about investing in new technology for your business, contact me at 302-537-4198, ericm@edminfopro.com or on our Contact form.