One of the more important questions that businesses have started asking themselves is what they should have on contract when dealing with a cloud service provider. When you have so much of your business’s crucial data on the cloud, one of the main questions that comes up is, which laws will apply? One of the important things to remember is that just because your cloud service provider is based out of Canada, it doesn’t mean that only Canadian federal or provincial laws will be applied. The laws of the country where the servers are located will also come into play, which could be any place in the world with an active internet connection. Here are certain things that you should do, to protect your business and its related data.
Make ownership clear in the contract
It is important to have a clause in your contract which makes it abundantly clear that in case the company goes out of business, you will be provided with the ability to transfer all relevant data and access it on your personal cloud service. The clause should also include a notice provision stipulating your cloud provider, providing you with a warning in advance, giving you enough time to get your data off the provider’s service.
Your service agreement should make it clear how your service provider will respond to an order by court
Your service provider should make it clear in the contract what action the service provider will take if they receive a court order asking for information disclosure. Cloud service companies, like Facebook, have a policy in place which does not disclose personal information. So, just ensure you know what their policy is for dealing with such circumstances before signing on the agreement.
Ensure regular service backups of your data and operation uptime
The contract should make it clear where your data backups will be stored and how often the data will be backed up. In case your service provider ends up losing your data, then they will be liable for damages. But, either way, lost data is a significant loss to your business, so make sure a clause related to data backup is in there. Also, uptime is extremely important for your business to function efficiently, so make sure that your provider guarantees cloud uptime.
Ask for insurance and ensure certification
Although not all providers offer cyber risk insurance, do ask for it. Cyber risk insurance will protect you against damages that might be incurred due to theft of any confidential information stored on the cloud. If your cloud provider doesn’t provide you with the insurance option, then you can include it into the contract on your own. Also, certifications like SSAE16 and SOC2 are international standards that are related to security, availability, process integrity, privacy, and confidentially. If your service provider has those certifications, then it’s a good sign.
The above considerations should be implemented when moving your data into the cloud. To know more about the laws governing cloud based companies in Canada, get in touch with Prowse Chowne. Our team of legal experts are well equipped with the knowledge related to laws governing information technology.