I’ve recently had the opportunity to participate in or moderate several panels on cloud computing, addressing issues such as governance, security, privacy, and legal liability.  

One issue that frequently comes up is whether cloud computing is really new or different.  That depends on how you look at it.  As a legal matter, the model itself is not that different.  You can view it as another form of outsourcing, which is hardly new.  Or, you can draw the analogy to per-seat software licensing for enterprises, which is also not new.  What is new and different, however, is both the elasticity (the use of cloud can be scaled up or down with ease) and the volume of data that it can involve — and it’s really that volume that makes the subject so interesting and that raises many of the questions most often discussed in connection with cloud computing. 

Another question that frequently comes up is how companies should approach using the cloud and addressing the complex jurisdictional issues that can arise as data freely crosses borders.  These are hard issues with no silver bullet solutions.  But the questions underscore the importance of approaching the issue holistically and taking a principled approach to the cloud.   The first order of business should be to take a look internally and ask whether your organization has a clear, principled, and coherent way for addressing these myriad issues — privacy, security, responding to law enforcement requests — in the use of cloud computing services.  For example, on the issue of law enforcement requests (for those businesses that receive them), businesses will be far better off if they take the time, really examine their practices, and develop principles and guidelines for how they will deal with requests globally.

There is another potential benefit to taking such a principled approach on privacy and security issues, too.  It is quite possible that the business “winners” in the cloud will be those that offer the best products and services and compete on things that matter to customers, including security and privacy.  Customers care about how their data will be protected.  For users to make informed evaluations and decisions, however, they need to have some baseline information – which requires some degree of transparency around privacy practices, at least a general description around security, and information on where the data will be stored.  The most successful businesses are likely to be those that are best able to engage with customers and communicate their core principles, values, and practices.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of David Fagan David Fagan

David Fagan co-chairs the firm’s top ranked practice on cross-border investment and national security matters, including reviews conducted by the Committee on Foreign Investment in the United States (CFIUS), and is a partner in the firm’s data privacy and cybersecurity practice.

David has…

David Fagan co-chairs the firm’s top ranked practice on cross-border investment and national security matters, including reviews conducted by the Committee on Foreign Investment in the United States (CFIUS), and is a partner in the firm’s data privacy and cybersecurity practice.

David has been recognized by Chambers USA and Chambers Global for his leading expertise on bet-the-company CFIUS matters and has received multiple accolades for his work in this area, including being named The American Lawyer’s Dealmaker of the Year three times. His work includes successfully securing three of the four Presidential approvals in the history of CFIUS; securing the only Presidential order protecting a client against a proposed hostile takeover; and negotiating the only “golden share” the U.S. government has taken in a U.S. company. Clients laud him for “[seeing] far more matters than many other lawyers,” his “incredible insight,” and “know[ing] how to structure deals to facilitate regulatory reviews” (Chambers USA).

For more than two decades, David has handled transactions for clients across every sector subject to CFIUS review, including some of the most sensitive and complex matters that have set the template for CFIUS compliance and security agreements in their respective industries. He is also routinely called upon to rescue transactions that encounter challenges in CFIUS; provide strategic counsel to clients on navigating and addressing U.S. national security considerations in commercial transactions; and negotiate solutions with the U.S. government, including equity arrangements, that protect national security interests while preserving shareholder value and U.S. business interests.

In the enforcement area, David has represented clients in numerous enforcement actions pursued by CFIUS, including two of the three largest penalty cases resolved with CFIUS.

Reflecting his experience on complex U.S. national security matters intersecting with China, David is regularly engaged by the world’s leading multinational companies to advise on emerging legal issues, including outbound investment restrictions and regulations governing information and communications technologies and services (ICTS), as well as strategic legal projects related to the evolving U.S.-China competitive landscape. 

In addition, in the foreign investment and national security area, David routinely advises clients on matters requiring mitigation of foreign ownership, control, or influence (FOCI) under applicable national industrial security regulations. His work includes advising many of the world’s leading aerospace and defense companies and private equity firms, as well as telecommunications transactions subject to public safety, law enforcement, and national security review by Team Telecom.