Cloud Computing and Handling of Confidentiality of Personal Data is much important aspect as data must be protected to be accessed by unauthorized persons. There is an order, in which the provider processes and stores the user’s data with legal risk and responsibility. According to the usual Data Protection Acts in most of the countries, which tells that both the parties must sign the agreement about the processing of data in written form. There are regulations concerning the rectification, erasure and blocking of data as well as acts and rules for storage of control rights in favor of the clients.
Cloud Computing and Handling of Confidentiality
In addition, it must be clarified whether the provider may engage third parties to perform their contractual obligations. Since, the customer is also responsible in this relationship, sub-delegation should be contractually excluded or be a subject to the approval. Furthermore, the customer must give instructions to the seller. Key issues for the order processing are :
- Whether the parties have a written contract for commissioned data processing
- The admissibility of sub-commissions controlled by the provider
- Whether the customer has the right to give instructions to the seller
- Whether the client can verify the compliance with data protection requirements at the provider or subcontractor in an appropriate manner
Cloud Computing and Agreements on confidentiality
Again, sensitive data is processed and stored in the cloud computing environment must be protected from access by unauthorized persons. Confidentiality of agreements are therefore useful. In advance, at the project planning, data can get to unauthorized persons. This legal protection is often inadequate. Therefore, the parties already in this phase goes thhrough a confidentiality agreement (Non-Disclosure Agreement). If the contract for cloud computing services are closed, the agreements are to customized and extended. Anyone who refers to the earlier agreements from the project planning phase, must be careful whether they often affect only the initiation phase and not the runtime. In addition, in the contract it must be specified that the agreements on termination of the contract also applies. Also it is useful to have additionally secure agreements with penalties. Because in the case of disclosure of information can cause gentle to major damage on the victim. The provider of third parties needs to fulfill their obligations, they should be obliged to due notice for the confidentiality as obligations.
The main issues of confidentiality are :
- Are there are confidentiality agreements at all
- Are the agreements are to be renewed and extended in the contract
- Are the agreements on the contract goes beyond the end of relationship
- Are the agreements are secured with penalties
- Is the secrecy obligation of subcontractors is ensured
The importance of the exit management
Exit Management must be defined in the contract. If the data is returned or even destroyed must need to be ensured. There is also the need to regulate the mode of transmission and the file formats. In the event that the company does not collect their data, should the seller is entitled the right to delete them ? Is well advised to go for contract cancellation proceedings with a qualified technical description of the procedure. Thus, the provider is obliged to remove the data permanently from their system.