The formation of the Cloud Industry Legal Forum (CILF) is obviously a good thing, although the use of an 'ILF' acronym is a little too close to a certain bit of x-rated online slang for my liking. Although thinking about it, for many people CILF does actually stand for 'Cloud I'd Like to FUD' to be honest. Especially when it comes to matters legal.
I applaud both the founding of CILF, and the foundation up on which it is based: to focus on providing clarity regarding the many legal issues that are associated with a move into the cloud. Whether this sub-group of the Cloud Industry Forum itself can actually achieve a legal framework in support of the industry remains to be seen, but by heck as like do we need one if yet another barrier to cloud adoption is to be demolished any time soon.
Legal FUD is, in my never humble opinion, only second behind Data Security FUD in terms of the amount of it out there and the success it is having in preventing many organisations from taking the cloud computing plunge.
What do I mean by legal FUD? The acronym FUD is short for 'Fear, Uncertainty and Doubt' which is rife when it comes to media reporting of legal issues. Often the boundaries between legal and security matters are so blurred that it is hard to separate the two, and this just makes slapping a double whammy of FUD on the unsuspecting reader a whole lot easier.
Take the relatively simple question of 'where is my data located?' for example. This should be a straightforward thing to discover by simply asking your would-be cloud service provider.
For most businesses the answer is pretty non-relevant anyway, as governance issues do not enter the equation. Where the G-word does rear its head, then part of any due-diligence strategy to move data into the cloud would surely include ensuring the service provider was aware of this fact and both willing and capable of ensuring the geographical location met the legal requirements.
For most businesses, the question of their data being stored in a US-based location and therefore, theoretically at risk of being accessed by the Feds on a whim, simply doesn't arise.
If the privacy issue is an issue, the same 'just ask and don't sign with a provider who cannot give the right answer' advice applies. Lawyers throwing large amounts of legalese into the ring really don't help the situation, other than those law firms who stand to benefit from unnecessary consultancy and auditing fees.
I'm not suggesting for a moment that privacy and geolocation issues do not exist but rather that making them into such a big grey deal is not necessary if you can step back and peer through the FUD to see the common sense beyond.
Legal jurisdiction, intellectual property, data security and privacy issues are not new territory for any business that goes online. I Am Not A Lawyer, however I am fed up with lawyers who seem to be making something of a hobby of over-egging the 'unique legal risks' cloud pudding.
Which is why I was pleased to see that Conor Ward, Partner at Hogan Lovells which is a founder member of CILF reckons that the group "will act as an advisory sounding board on issues relating to the legal issues associated with cloud computing" and gives the example of submitting a response to recent EU Data Protection proposals rather than the usual round of 'what's wrong with the cloud' nonsense.
"This consultation is an opportunity to review the data protection landscape to ensure a greater take-up of these types of technologies and to remove some of the FUD which surrounds some of the compliance issues" Ward insists, concluding "within the UK, data controllers (and their suppliers - often members of CIF), have benefitted from a practical, business-oriented approach to data protection, which struck a good balance with the rights of individuals".
