* Posts by Frank Jennings - The Cloud Lawyer

15 posts • joined 10 Mar 2016

Amazon's AWS S3 cloud storage evaporates: Top websites, Docker stung

Frank Jennings - The Cloud Lawyer

Quick, dig out the contract to see what protections you've got.

Clause 10: The service offerings are provided “As Is.” We…make no representations or warranties of any kind…that the service offerings or third party content will be uninterrupted.” https://aws.amazon.com/agreement/

If you didn't like that one, you definitely won't like clause 11.

GDPR: Do not resist! Unless you want a visit from the data police

Frank Jennings - The Cloud Lawyer

Re: Fines for companies etc... Yes!

"But I don't believe schools or NHS/Trusts should be fined, it just takes money away they desperately need."

As Baldy50 says, we often don't have a choice to use public sector services so they should lead by example but taking away money from an entity funded by the taxpayer is not a great solution. In fact, the whole principle of fining has always struck me as dodgy. "You've committed a [data / road traffic / tax (delete as required)] offence but if you pay us money we'll forgive you."

Largest public sector ICO fine (and largest ICO fine ever until TalkTalk) was £325k against Brighton and Sussex University Hospitals NHS Trust.

https://www.theregister.co.uk/2012/06/06/nhs_trust_disputes_ico_fine/

Frank Jennings - The Cloud Lawyer

Re: Schools?

Yes, ask data compliance manager / DPO at local authority / Education authority that oversees your school. Don't forget, existing Data Protection Act already regulates gathering, processing and transfer of data.

Frank Jennings - The Cloud Lawyer

Re: Question

GDPR is designed to protect EU citizens data wherever it is in the world. It is not possible to avoid compliance by simply contracting out of GDPR or changing the law. I imagine previous commenter Derichleau will be watching out for any attempt to do so!

Brexit means Brexit: What the heck does that mean...

Frank Jennings - The Cloud Lawyer

Re: Relevant to the story

> Unless the UK waives the two year exit negotiation period...

---> I've actually read Article 50 and there is no provision for that

You're right. Much of the Leave spin has been about Hard Brexit and simply moving onto WTO standards rather than suffer the humility of trying to negotiate a suitable deal the remaining 27 member states might not give us. Therefore, technically, Parliament could take us out of the EU by simply passing a law to do that. Boris is good at acting like a surly child on the international stage but even for him this might be a step too far.

---> So all EU laws and regulations in place at the end of the 2 years would apply, if I understand May's idea of a Great Repeal Bill.

Yes, apart from the ones which conflict with whatever Brexit deal we do such as the ECJ being the supreme court and freedom of movements etc.

NSA, GCHQ and even Donald Trump are all after your data

Frank Jennings - The Cloud Lawyer

Re: Our man advises

Haha, yes, it's no-news and bleeding obvious. And so is the statement that snooping by intelligence agencies is a fact of modern life. Guess you'll be heading to that Scottish croft then...

You've been hacked. What are you liable for?

Frank Jennings - The Cloud Lawyer

Re: Brexit won't matter

Exactly. Upon Brexit the UK gov will preserve all laws except for those directly associated with Brexit. This will likely affect the UK contributions to the EU budget, the 4 freedoms (goods, workers, services & capital) and "red tape". This last one is the most vague (none of it is particularly certain) but I don't see culling data protection laws as being high up the agenda.

Are you sure you want to outsource IT? Yes/No. Check this box to accept Ts&Cs

Frank Jennings - The Cloud Lawyer

Re: Lawyers in the cloud

Fair question. I wrote about this for Databarracks a couple of years ago. Search for "The Real Challenges and Benefits of Cloud Computing to Law Firms" and then did a "One Year On" follow up. The solicitors regulatory body has a paper on cloud too.

...as you said, maybe one for another article.

Frank Jennings - The Cloud Lawyer

Insurance?

Good question. The insurance might not cover loss of data or, if it does, it may require the customer to ensure it has suitable protections from its outsourced provider.

That means the customer could get into trouble from its own customers, get a fine from a regulator, suffer loss of business & reputation but not be able to claim under insurance or against the provider.

Frank Jennings - The Cloud Lawyer

Re: 30 days notice is good....

Yes, v.true. In fact I wrote on that topic for El Reg last year: http://www.channelregister.co.uk/2015/07/06/frank_jennings_cloud_insolvency/

Hey cloud lawyer: Can I take my client list with me?

Frank Jennings - The Cloud Lawyer

Yes, the fine is pretty lame but I don't much fancy Mr Skelton's jail sentence...

Frank Jennings - The Cloud Lawyer

Re: This is so self evident it is ridiculous

"This is so self evident it is ridiculous"

Yes, and yet it still happens all the time with the predictable outcome!

Frank Jennings - The Cloud Lawyer

Re: Linkedin?

Yes, more murky and will depend upon the use made. Some cases have said that it's the employee's personal account and this sits well with the LI terms. Conversely, an employee who has run the employer's LI group page, or who has uploaded contacts or who has used LI as their contacts database may have to turn it over to the employer.

Committees: Wait! Don't strap on the Privacy Shield yet

Frank Jennings - The Cloud Lawyer

Re: So riddle me this ...

Yep, that's pretty much it. NSA / FBI will use whatever legal means they have to get access to data controlled by US entities, whether or not the data is actually held in the USA. See the ongoing legal case against Microsoft by US gov to get access data in Dublin.

Data protection: Don't be an emotional knee jerk. When it comes to the law, RTFM

Frank Jennings - The Cloud Lawyer

Yes, remains to be seen how Privacy Shield will improve in practice what was Safe Harbour.

I see what you mean about hacking & ownership - once it's out of your control, do you really own it, but that's a different point. The person I spoke to the other day had heard that a large public cloud vendor had inserted terms transferring ownership of data.

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019