The first time a client brought intellectual property lawyer Janine Anthony Bowen a cloud computing contract to look over, her reaction was, essentially, "These people must be nuts."
"I read the clause saying the service provider would bear no liability for anything that went wrong with its service, and even if something did go wrong, my client would still be responsible," recounts Bowen, lead partner at Jack Attorneys & Advisors in Atlanta.
To recover any losses, her client would have had to bring suit, and the maximum recovery amount equaled no more than the fees paid for 12 months of service. That amount wouldn't even begin to come close to the value of a data loss. Bowen's assessment of the contract was blunt: "The terms were offensive," she says.
Tanya Forsheit, with whom Bowen shared the dais at a Practising Law Institute seminar on cloud computing in San Francisco last summer, says she has similar concerns. "The cloud providers try to convey a take-it-or-leave-it attitude for their contracts, expecting people to click through the 'I accept' options the way people click through the iTunes website," says Forsheit, a founding partner of InfoLawGroup who works out of the firm's Manhattan Beach, Calif., office.
Because of the take-it-or-leave-it approach of cloud providers, IT professionals are running into problems with the legal professionals charged with mitigating the risks that their organizations face. That's the case at the Port of San Diego, where Deborah Finley just began thinking about using a small vendor's cloud-based email archiving service.
"We're a medium-size organization without the leverage a larger organization might enjoy. The vendor's contract had a limitation of liability for the cost of the contract, while our legal department has standard language about indemnification," says Finley, the Port's director of business information and technology services. "To change that language, we would need board approval." >>Read more