Walking the Line between Cloud and Privacy Policies and the GLBA

IAPP Privacy Academy 2012

Cloud providers accessed through the Internet often have their own mandatory privacy policies. Many times, large cloud providers are unwilling to negotiate the terms of these policies. When selecting a cloud provider—and before sending nonpublic personal information to the cloud—financial institutions subject to the Gramm-Leach-Bliley Act (GLBA) and other privacy and data protection laws must carefully consider whether they can comply with the terms of the cloud provider’s privacy policy without running afoul of their own privacy policy and the restrictions imposed by governing law. The terms under which information is disclosed to and the rights acquired by the cloud provider determine the legality of the disclosure and subsequent use of the data. Join us to explore the terms of various cloud provider privacy policies in light of the restrictions imposed by the GLBA.