Cloud Service Provider Contracts: A Checklist for Records … · 2016. 6. 8. · • Integrated...
Transcript of Cloud Service Provider Contracts: A Checklist for Records … · 2016. 6. 8. · • Integrated...
CloudServiceProviderContracts:AChecklistforRecordsProfessionals
CorinneRogers
UniversityofBri1shColumbia
MarieDemoulin,JessicaBushey,ElissaHow,RobertMcClelland
InterPARESTrustInterna1onalSymposiumMarburg,Germany
June8,2016
Researchteam
• Researcher&ProjectLead– Dr.MarieDemoulin,UniversitédeMontreal
• GraduateResearchAssistants– JessicaBushey,UBC– ElissaHow,UBC
• IndependentResearcher– RobertMcLelland,DeltaMuseum&Archives
Access
Security
Infra-structure
Control
Legal
Policy
SocialIssues
Resources
Terminology
Educa>on
Purpose&Researchques1on
• Toexplorethecontract–specificallythecontractbetweenaclientandacloudserviceprovider–asatoolforbuildingtrust
• Howeffec1velydocloudservicecontractsmeettheneedsofrecordsmanagers,archivists,andinforma1ongovernanceprofessionals?
Firststep:ReviewtheLiterature• Currentresearch(2011-2014)
Findings:– Severallegaldocumentsexist
• TermsofService• ServiceLevelAgreements• PrivacyPolicies• AcceptableUsePolicies
– Li^lestandardiza1onofterms– “Obenincomprehensibletomajorityofusers”– Wide-rangingexclusionsofliabilityfavortheproviders– Termsmaychange
Firststep:ReviewtheLiterature
• CaseLawandRelatedAr1clesFindings:– Rela1velyfewcases,butseverallegaltenets– Complexityresultsfromjurisdic1onalandindustrydifferences• Contractlaw• Privacyandaccess• Confiden1alityandsecurityofdata• Datajurisdic1onandconflictoflaws
Firststep:ReviewtheLiterature
• RecordkeepingStandards,CloudCompu1ngContractStandards,andrelatedar1cles– ISO15489(2001)– ISO14721(2012)– ARMAGARP(2013)– MoReq(2009)
Firststep:ReviewtheLiterature
• RecordkeepingStandards,CloudCompu1ngContractStandards,andrelatedar1cles– CloudServiceLevelAgreementStandardiza1onGuidelines(2014)
– PublicRecordsOfficeofVictoria(2012)
Compara1veAnalysis
• Regardlessofjurisdic1on,sector,orprofession,commonrisksexist:– Unauthorizedaccess– Privacybreach– Lossofaccess,control– Lackoftransparencyofservice– Lackofabilitytonego1ateservice– Loca1onambiguity– Contractambiguity
SpecificConsidera1ons
• Dataownership• Availability,retrievalanduse• Datastorageandpreserva1on• Datareten1onanddisposi1on• Security,confiden1ality,privacy• Dataloca1onandcross-borderdataflow• Endofservice;contracttermina1on
Selectedcontracts
• Nomarke1ngmaterial• Boilerplatecontracts&documents– TermsofService(ToS)– ServiceLevelAgreements(SLA)– Privacypolicies,AcceptableUsepolicies,Securityterms,
• Jurisdic1on– Canada,UnitedStates,Europe
Contractsconsidered• Amazon.com(USA)• Bluelock(USA)• Dropbox(USA)• Egnyte(USA)• GoGrid(USA)• Google(USA)• ProfitBricks(USA)• Rackspace(USA)• CityNetwork(Sweden)• SAP(Belgium)• PathwayCommunica1ons(Canada)
TheChecklist
TheChecklist-sec1ons
• Agreement• DataOwnershipandUse• Availability,Retrieval,andUse• DataStorageandPreserva1on• DataReten1onandDisposi1on• Security,Confiden1ality,andPrivacy• DataLocaliza1onandCross-borderDataFlows• EndofService;ContractTermina1on
Integra1on&Review
• IntegratedwithNA03:StandardsofPrac1ce• IntegratedwithNA06:Reten1on&Disposi1onchecklist
• Releasedforfeedbackinfall2015• TestedinInterna1onalFedera1onofRedCrossandRedCrescentSocie1es
• PresentedatICAinRekjavik,Iceland–ve^edinaninterna1onalspace–posteronICAwebsite
Resources
• CloudServiceContracts:AnIssueofTrust,CanadianJournalofLibraryandInforma2onScience(CJLIS):SpecialIssueonData,RecordsandArchivesintheCloud,June2015
• h^ps://interparestrust.org/Dissemina1on– Annotatedbibliography– Checklist– FinalReport
Con1nuingac1vi1es
• ChecklistbeingtranslatedintoSpanish• Reportbeingfinalized
Thankyou!
www.interparestrust.org