The WHIR has published an interesting article by David Snead, a lawyer whose practice is focused on internet infrastructure providers. Snead just finished work on a study of cloud computing services for the European Network and Information Security Agency (ENISA) and his focus is on legal risks.
He says any provider should be able to answer the following questions before you sign a contract.
1. In what country is the provider located?
2. Where is the provider’s infrastructure?
3. Will other providers be used?
4. Where will the data be physically located?
5. Should jurisdiction be split?
6. How will data be collected, processed, transferred?
7. What will happen to the data on termination?
Snead follows up with recommendations on how to evaluate the answers you get back in his article.