The primary source of legal and business obligations of providers of cloud-based services is the customer contract. Quality of service, profitability, and the outcome of all legal issues flow a cloud service provider’s commercial arrangements and terms of contract. Service level and performance, best practices, liability, risk management and allocation, vendor lock-in and the strength of both parties’ obligations hinge on the cloud computing service contract.

Given the cloud’s adaptability to customers of all shapes and sizes, contract negotiations are an especially critical stage for a business to tailor its services to a customer’s needs. Cloud providers and customers need the careful advice of experienced counsel when it comes to deals involving standard form or “take it or leave it” contracts. Our attorneys perform contract negotiation, drafting, review, interpretation, defense and enforcement. The firm provides its corporate and business clients with custom legal advice targeted at risk management, business development, and other proactive measures designed to avoid or minimize the impact of litigation. We utilize our contracts and business law experience to ensure the protection and commercial success of our cloud computing and hosted service provider clientele.

Contracts and Commercial Transactions

Applicable law is always a concern for cloud-based service providers. With data transferred and processed across jurisdictional boundaries and servers located in one state but accessed in another, determining the governing law and jurisdiction for a hosted service is absolutely necessary. Ensuring that the most amicable laws, rules, and regulations will govern a commercial transaction is indispensable for any industry but even more so for companies located in the cloud.

Our firm’s experience in cross-border transactions applies to cloud-based service providers as we work toward beneficial business arrangements and avoid commercial disputes.

Cross-Border and Multi-Jurisdictional Transactions

Compliance with laws governing the privacy of customer data is a serious responsibility for any cloud provider. Data privacy is addressed in multiple federal, state, and international laws including the Electronic Communications Privacy Act (ECPA), the Child Online Privacy Protection Act (COPPA), the FCC’s CPNI rules, HIPPA, the Gramm-Leach-Bliley Act, the EU Directive on Data Protection (Directive 95/46/EC) and FTC consumer protection rules. However, the legal environment for the cloud industry is in a state of flux and often saddled with outdated laws and rules.

Our experienced attorneys work to make sure that clients have a compliant privacy policy in place and provide clients with the needed advice to protect customer privacy and prevent the unlawful disclosure and use of personally identifiable information (PII).

The nature of cloud computing and a cloud provider’s particular customer base means that there is never a one-size-fits-all approach to data privacy and customer confidentiality. The firm is ready to tailor the best privacy solution to your cloud-based business needs and to instruct your company on the use of customer information.

Data Privacy

Customers and providers of cloud services are especially concerned over data protection, and knowing how best to comply with laws imposing data security requirements and standards on cloud service providers and their customers is essential. With the increase of electronic data and malicious actors attempting to access valuable information, service providers and business customers must provide for the physical, operational, and programmatic security of their data.

Our attorneys provide counsel to safeguard data and manage data security risks. We assist businesses looking to trust cloud service providers with their data and advise cloud providers on the implementation of compliant and transparent data protection practices. We handle data breaches and support clients in minimizing loss and exposure from breaches and by ensuring compliance with data breach notification laws. The firm makes assessments of its clients’ cyber insurance policy for first and third party claims in the event of security breach, hacked data, or data loss and also offers legal representation to cloud service providers who have been denied insurance coverage.

Data Security

Knowing the physical location of one’s data is a primary concern for any customer of a cloud-based service provider because the location of where data is stored can determine what law will govern and control the maintenance of a particular customer’s data. Extraterritorial or dispersed geographical storage can impact the ability of customers to establish an audit trail for purposes of satisfying regulatory compliance and legal obligations, which rely on verifying where data is located, accessed, or altered. Storage and location issues have implications for the business development of cloud service providers since some customers may not be able to have their data stored in certain regions.

The CommLaw Group’s attorneys’ commercial and international expertise gives our clients an edge when establishing business agreements for cloud computing and hosted services. The firm instructs its cloud provider and customer clientele on where data can be stored and on any potential cross-border restrictions impacting the access and storage of customer data. We help clients control the physical location of their data and understand where their data is stored. Our attorneys negotiate terms of data location, retention, transfer, and recovery as well as concerns over backup data, governing law, customer access, and service reliability.

Data Storage and Location

Cloud computing touches on a number of intellectual property issues, and the protection of trade secrets, confidential information, copyright, and trademarks in the cloud has to be maintained. When software is involved in any transaction, the licensing, use, and ownership of both software as a service (SaaS) and data stored on the cloud become critical. For customers who rely on the cloud, warranties and indemnification regarding the infringement of third-party intellectual property rights are important considerations. Some cloud service providers must also arrange for the sub-licensing of software to their customers.

The CommLaw Group draws on its extensive intellectual property and technology background to safeguard the work of its clients in the arena of copyright and trademark. Our attorneys vigorously pursue the intellectual property rights of its clients and work to structure contractual arrangements to best meet the licensing demands of our cloud-based client base. In cyberspace, unlawful copying is rampant, and the firm not only prosecutes infringers but also advises its clients on what precautions must be taken to avoid becoming a party to an infringement action.

Intellectual Property

Cloud service providers must comply with a hodgepodge of federal, state, and international laws and regulations as well as applicable industry standards. However, complying with the current ground rules that implicate the cloud is only half the story. The cloud industry is relatively young, and the laws and rules bearing on the business and operations of cloud-based service providers are still in flux as legislators come to grips with the technology of the cloud. In an environment of regulatory uncertainty, the aid of experienced counsel is an absolute necessity in order to stay abreast of changes in the cloud’s legal and regulatory environment. Cloud providers who can best adapt to change will be the ones who gain the greatest competitive advantage, and businesses that have not yet made the move to the cloud may find the move impeded by a bevy of unforeseen red tape.

The rich experience of The CommLaw Group’s attorneys before numerous legal, administrative, regulatory, and tax tribunals ensures that hosted service providers have an easy and manageable path to achieve and maintain compliance. Our firm meets the regulatory demands of both established multi-national providers and market entrants with limited resources. Our attorneys advise our clients on the proper classification of their cloud-based services and the steps needed to not only fulfill compliance obligations but also to minimize costs in the process.

Regulatory Matters

State and local tax authorities have hosted software providers (SaaS) in their crosshairs as part of an effort to find new revenue streams for cash strapped governments. This issue becomes even more critical for businesses offering multiple hosted service platforms such as infrastructure as a service (IaaS) and communications as a service (CaaS). These other hosted platform offerings can potentially establish nexus for cloud providers in states with aggressive departments of revenue thereby exposing hosted software to sales and use tax collection obligations.

The CommLaw Group has an established practice tending to our business clients’ obligations pertaining to federal, state and local taxes, including sales, use, excise and transaction taxes. Our experience includes tax planning, compliance reviews, advocacy before taxing and regulatory bodies, interpretation of statutory provisions and administrative rulings, and assisting clients with the different aspects of audits.

Taxes