Feb 10, 2015

Do cloud service providers have to notify users in the event of a data breach?

Are cloud providers obligated to notify users in the event of a data breach?
02/10/2015
This is a very difficult question to answer with a simple yes or no. The issue is that there are numerous federal and state laws (if we are talking about US-based providers) that cover a breach. As an example,

Under state data breach laws, the cloud provider is responsible for breach notification to the data owner, but not to individuals or users if they don't own the data. You really need to review your contract (you know, that several pages-ful of screens that you probably never have read) with your provider to see what they have promised and what they haven't.

There is a great presentation that was given by a DC-based law firm for Cisco here:
https://www.cisco.com/web/about/doing_business/legal/privacy_compliance/docs/CloudPrimer.pdf
Answer this