Cloud Service Provider Contracts: A Checklist for Records … · 2016. 6. 8. · • Integrated...

CloudServiceProviderContracts:AChecklistforRecordsProfessionals

CorinneRogers

UniversityofBri1shColumbia

MarieDemoulin,JessicaBushey,ElissaHow,RobertMcClelland

InterPARESTrustInterna1onalSymposiumMarburg,Germany

June8,2016

Researchteam

•  Researcher&ProjectLead– Dr.MarieDemoulin,UniversitédeMontreal

•  GraduateResearchAssistants–  JessicaBushey,UBC– ElissaHow,UBC

•  IndependentResearcher– RobertMcLelland,DeltaMuseum&Archives

Access

Security

Infra-structure

Control

Legal

Policy

SocialIssues

Resources

Terminology

Educa>on

Purpose&Researchques1on

•  Toexplorethecontract–specificallythecontractbetweenaclientandacloudserviceprovider–asatoolforbuildingtrust

•  Howeffec1velydocloudservicecontractsmeettheneedsofrecordsmanagers,archivists,andinforma1ongovernanceprofessionals?

Firststep:ReviewtheLiterature•  Currentresearch(2011-2014)

Findings:–  Severallegaldocumentsexist

•  TermsofService•  ServiceLevelAgreements•  PrivacyPolicies•  AcceptableUsePolicies

–  Li^lestandardiza1onofterms–  “Obenincomprehensibletomajorityofusers”– Wide-rangingexclusionsofliabilityfavortheproviders–  Termsmaychange

Firststep:ReviewtheLiterature

•  CaseLawandRelatedAr1clesFindings:– Rela1velyfewcases,butseverallegaltenets– Complexityresultsfromjurisdic1onalandindustrydifferences•  Contractlaw•  Privacyandaccess•  Confiden1alityandsecurityofdata•  Datajurisdic1onandconflictoflaws


•  RecordkeepingStandards,CloudCompu1ngContractStandards,andrelatedar1cles–  ISO15489(2001)–  ISO14721(2012)– ARMAGARP(2013)– MoReq(2009)


•  RecordkeepingStandards,CloudCompu1ngContractStandards,andrelatedar1cles– CloudServiceLevelAgreementStandardiza1onGuidelines(2014)

– PublicRecordsOfficeofVictoria(2012)

Compara1veAnalysis

•  Regardlessofjurisdic1on,sector,orprofession,commonrisksexist:– Unauthorizedaccess– Privacybreach– Lossofaccess,control– Lackoftransparencyofservice– Lackofabilitytonego1ateservice– Loca1onambiguity– Contractambiguity

SpecificConsidera1ons

•  Dataownership•  Availability,retrievalanduse•  Datastorageandpreserva1on•  Datareten1onanddisposi1on•  Security,confiden1ality,privacy•  Dataloca1onandcross-borderdataflow•  Endofservice;contracttermina1on

Selectedcontracts

•  Nomarke1ngmaterial•  Boilerplatecontracts&documents– TermsofService(ToS)– ServiceLevelAgreements(SLA)– Privacypolicies,AcceptableUsepolicies,Securityterms,

•  Jurisdic1on– Canada,UnitedStates,Europe

Contractsconsidered•  Amazon.com(USA)•  Bluelock(USA)•  Dropbox(USA)•  Egnyte(USA)•  GoGrid(USA)•  Google(USA)•  ProfitBricks(USA)•  Rackspace(USA)•  CityNetwork(Sweden)•  SAP(Belgium)•  PathwayCommunica1ons(Canada)

TheChecklist

TheChecklist-sec1ons

•  Agreement•  DataOwnershipandUse•  Availability,Retrieval,andUse•  DataStorageandPreserva1on•  DataReten1onandDisposi1on•  Security,Confiden1ality,andPrivacy•  DataLocaliza1onandCross-borderDataFlows•  EndofService;ContractTermina1on

Integra1on&Review

•  IntegratedwithNA03:StandardsofPrac1ce•  IntegratedwithNA06:Reten1on&Disposi1onchecklist

•  Releasedforfeedbackinfall2015•  TestedinInterna1onalFedera1onofRedCrossandRedCrescentSocie1es

•  PresentedatICAinRekjavik,Iceland–ve^edinaninterna1onalspace–posteronICAwebsite

Resources

•  CloudServiceContracts:AnIssueofTrust,CanadianJournalofLibraryandInforma2onScience(CJLIS):SpecialIssueonData,RecordsandArchivesintheCloud,June2015

•  h^ps://interparestrust.org/Dissemina1on– Annotatedbibliography– Checklist– FinalReport

Con1nuingac1vi1es

•  ChecklistbeingtranslatedintoSpanish•  Reportbeingfinalized

Thankyou!

www.interparestrust.org

Cloud Service Provider Contracts: A Checklist for Records … · 2016. 6. 8. · • Integrated...

Documents

Transcript of Cloud Service Provider Contracts: A Checklist for Records … · 2016. 6. 8. · • Integrated...