Before you sign that cloud computing contract, make sure you understand the intricacies of your vendor's data flows, advise global sourcing and privacy lawyers from Hunton & Williams. And be sure to identify the domestic and foreign laws that govern cloud-based data processing, they add.
Cloud computing implies data transfers across multiple locations, resulting in times during which you and your vendor may be unable to locate it. The U.K.-based authors write in an industry publication that European data protection laws place conditions on the transfer of personal data outside the EU. "Such conditions are often burdensome and impractical," they say.
The lawyers advise prospective cloud service buyers to try to control the locations of data transfers and stay apprised of vendor subcontracts.
Addressing the most oft-cited danger of cloud use in the biotech business, they say to require best practice security standards. And negotiate "robust contracts" that allow you to audit frequently. Users should encrypt data before it gets to the cloud, and ensure that the cloud vendor also uses encryption technology. "It is essential that data security and data protection considerations feature in the initial vendor due diligence," they say.
- here's the article