enterprise 2.0

David Navetta, Esq. CIPP, has published an interesting blog post on the topic of Legal Implications of Cloud Computing.

Mr. Navetta emphasize the need to understand the increasingly complex and interlocking relationships in the Cloud:

The party with whom a company is dealing will often not be the party actually processing data or providing computing services.  This poses compliance challenges (e.g. how to perform/show due diligence) and  contracting challenges (e.g. how to obtain/enforce contractual rights / remedies when one or two layers removed from the company actually doing the processing).

The blog post also highlights the need for proper data retention and destruction policies.

What if the SaaS provider is working on a Cloud Platform that creates residual copies of data that the Cloud User has a legal obligation to delete? What if the SaaS provider works with a Cloud Platform that does not have the technology or capability to properly wipe data? Even if the Cloud Platform has these capabilities, what if the SaaS provider has not negotiated for the right to obtain these services?

My thoughts on Legal Obligation to Delete:

Internet has created a world where "absolute destruction" of data is not easy to achieve. Even when the services are hosted in-house, this type of data destruction is not possible. There could be replicas, backups, off-site backups, DR backups, user created offline replicas, user archives and even printed copies.

I think what is a more achievable is delete in context. Data that loses its context, loses its meaning and is not of much use. So going back to Cloud Services, when I delete an email from my SaaS powered Inbox, the SaaS provider may still have some residual "Sharded" copies of the data. But these residual copies have completely lost their context. And as you traverse down the layers of Cloud Service aggregators (Saas –> PaaS –> IaaS), this residual data becomes more and more meaningless. Re-animating an email from this sharded residual data would be like trying to re-construct a needle by searching for its pieces in a haystack! :-)