Some data migration risks can be mitigated at the cloud contract stage, Allison Bird, Judy Selby’s partner at Clearview Privacy Consulting LLC, explains.

Regarding indemnification, Bird says, “If data is lost or exposed by the hosting company, your company as well as any affiliates who use the services will be subject to suits from clients and individuals whose data was impacted.  You may also be subject to regulatory scrutiny which could result in legal costs and regulatory penalties.  To the extent possible, negotiate a full indemnification of third party claims arising out of the hosting services.”

She says the limitation of liability section of your hosting agreement “may be the single most important” part.  “Your hosting company may make a lot of promises in the agreement.  However, if their liability under the agreement is significantly capped, you won’t receive the monetary compensation necessary to make up for hosting company’s acts and omissions that damage the company. Negotiations for a higher cap will translate into real dollars in the event of a security incident.”

Of course, insurance is always a good solution if done right. “You can negotiate the perfect contract but unless your hosting company has a deep pocket, it may not have sufficient capital to make good on contractual obligations in the event of a breach or data loss situation, especially one affecting many of its customers,” Bird says.  Consider adding language into the agreement which requires your hosting company to maintain insurance (with your company as a named insured) covering data breach and inability to access data.”

Read the complete post by Allison Bird on Judy Selby Consulting’s blog.