Even an organization that doesn’t pay can secure some strong data protection provisions
It may look to some people as if there’s no negotiating room when entering into agreements with cloud service providers, especially when it comes to protecting sensitive data that may pass through the hands of third parties. Giving up control over access to your own organization’s data strikes many as just one of the compromises you have to make to take advantage of the cost and service efficiencies of the cloud computing model.
But depending on your position you may actually have more data protection cards to play than you think when you set up an agreement with a cloud computing provider.
In a post on Mondaq, Kelly L. Friedman, a partner with the Toronto office of Davis LLP who specializes in electronic information and data privacy issues, recently noted how the Ontario ministry of education persuaded Google and Microsoft to add contractual addenda protecting the data privacy of students who access Google Apps for Education and Office 365.
“Essentially, these addenda incorporate some important contractual protections, and create a ‘walled garden’ so that school boards maintain an important degree of control on student data within the ‘walled garden,’” Friedman writes in the post, which is titled “Canada: A Realistic Approach Is Needed To Cloud Computing.” Friedman notes that Google Apps for Education and Microsoft Office365 are being provided free to the school boards for student and teacher use. “Without the bargaining power that comes with pay-for-service, the addenda have done a fine job of reducing the risks of cloud computing for our kids.”