Security and Privacy in the Cloud

A Legal Perspective


Foley Hoag LLP

Seaport West
155 Seaport Boulevard
Boston, MA 02210-2600



July 30, 2015 8:00AM–10:00AM


Presented by MassTLC

Companies are storing more and more business data in the cloud, including sensitive information subject to specific security and privacy requirements.

Until recently, the cloud lacked objective standards for the protection of such data. That changed last year with the adoption of ISO 27018, the first international standard for the protection of personally identifiable information (PII) in public clouds. While compliance with this new standard is voluntary, it is expected to become a best practice for Cloud Service Providers in the future, and has critical implications for companies doing business in the cloud and around the world.

Topics to be discussed include:

  • What are the key data privacy and data protection issues companies should consider before moving to cloud computing technologies?
  • How can companies understand and successfully navigate the legal liability for data stored in the cloud when laws vary among jurisdictions?
  • What are the options for the ethical and legal use of this data as part of your company's business?
  • What are the key substantive requirements of ISO 27018 for handling customer data?
  • How does ISO 27018 adoption benefit customers in regulated industries such as healthcare and financial services?
  • What reasonable expectations should companies have of a cloud provider who claims ISO 27018 compliance?
  • How do the ISO 27018 requirements map against existing sector-based data privacy and security standards (e.g., HIPAA, SOC 2)?


  • Larry Disenhof, Group Director, Export Compliance & Government Relations, Cadence Design Systems
  • Sharon Gillett, Principal Networking Policy Strategist, Microsoft Research
  • Colin Zick, Partner, Co-Chair, Healthcare Practice & Co-Chair, Privacy & Data Security Practice, Foley Hoag LLP