
Laws And Regulations Governing The Cloud Computing Environment

by cloudtweaks on November 27, 2012



A complex legal and regulatory environment has developed around cloud computing technologies. There are federal, international and even state laws that impose responsibilities on both cloud computing tenants and providers. Regardless of which side your business is on, you have to consider the legal issues, especially those related to the data you collect, store and process.

Different sector-specific laws for cloud computing tenants and providers

To ensure you are in legal compliance, you may want to know more about American laws. In the United States, privacy and security requirements are spread over different industry-specific laws and regulations:

Health Insurance Portability and Accountability Act (HIPAA)

  • Under HIPAA’s Privacy Rule, an entity may not use or disclose protected health information except as permitted or required by the Rule, or as authorized in writing by the individual affected. HIPAA’s Security Rule complements the Privacy Rule and deals specifically with Electronic Protected Health Information (EPHI). It lays out three types of security safeguards required for compliance: administrative, physical, and technical. The Rule identifies various security standards for each of these types. Required specifications must be adopted and administered as dictated by the Rule.

The Gramm-Leach-Bliley Act (GLBA)

  • It has 2 key rules for “financial institutions” storing data in the cloud: the Financial Privacy Rule and the Safeguards Rule. The Financial Privacy Rule requires institutions to notify each customer, at the time the relationship is established and annually thereafter, about the personal information collected about them, where that information is kept, with whom it is shared, how it is used, and how it is protected. The Safeguards Rule requires financial institutions to develop a written information security plan that describes how the company plans to protect clients’ nonpublic personal information.

Payment Card Industry Data Security Standard

  • The Payment Card Industry Data Security Standard (PCI DSS) was jointly developed by Visa and MasterCard to simplify compliance for merchants and payment processors. It has 6 core areas and 12 requirements that cover best practices for perimeter security, data privacy, and layered security.

Family Educational Rights and Privacy Act (FERPA)

  • FERPA is a federal law that protects student information collected by educational institutions and associated vendors. These institutions must have the student’s consent prior to disclosure of personal data including grades, enrollment status, or billing information. Protection of student information according to FERPA regulations is a key consideration in using cloud-based applications that handle student records. IT administrators must be aware of the information that is passed to a cloud network or application.

US-based cloud tenants and providers must consult a plethora of industry-specific laws to determine their legal risks and obligations. If you don’t adequately protect the information you store, you should expect some important consequences, such as fines or lawsuits. Remember that fines and lawsuits can have devastating consequences for small or midsize businesses.

So, do you know what laws should govern your cloud computing technologies?

By Rick Blaisdell / Rickscloud


2 comments
TomEntreprenuer

Understanding the American Laws is great to know, especially if you are working within the USA. I can definitely understand how the imposing fines can be devastating for an American doing business on American Soil. However, how does it affect those who are not working within the US Borders? Can the same US Laws apply to those who are not US Citizens and are not working on US soil?

Cloud Training

I wonder how many of the new start-ups have made sure these laws are implicit in how they work. I've got a hunch that it's not all of them!