Tuesday, March 21, 2023
Subscribe to Small Business Monthly
Small Business Monthly on Facebook Small Business Monthly on Twitter Small Business Monthly on LinkedIn

SBM Articles


Who Actually Owns "Your" Data?

by Scott M. Lewis

Part 2 of 2

The Stored Communications Act (SCA) has many critics.
As with a lot of legislation, many feel it has not kept up with advances in technology, making it difficult to apply to today’s standards. There is also concern over the ambiguity in the law. It has put undue burden on internet service providers and hosting companies to remain in legal compliance, appease both international and domestic governments, and meet the needs of their customers. Further criticism is based on the belief that since the SCA has not kept up with current standards, the courts have been forced to stretch the legislative intent in order to meet evolving standards — making it less applicable.

In March 2018, the CLOUD Act took effect. This was intended to be a legislative fix to the SCA and to help further define data ownership and the responsibilities of internet service providers. However, I am not sure whether it actually achieved this or just makes things more confusing.

CLOUD actually stands for Clarifying Lawful Overseas Use of Data, and it is a response to the current Microsoft v. United States court case. The CLOUD Act is an amendment to the SCA, with the intent of clarifying the concerns of Microsoft and other ISPs about bringing them more in line with foreign privacy acts. Keep in mind that this is based on the FBI’s attempt to gain access to data stored on a server in Ireland through the use of an SCA-based warrant.
Provisions of the CLOUD Act have many opponents, such as the Electronic Frontier Foundation, the American Civil Liberties Union, Amnesty International and Human Rights Watch. Much of the criticism is aimed at giving the executive branch the ability to enter into bilateral agreements with foreign governments to provide requested data that is related to citizens. Opponents say this strips away Fourth Amendment protections against illegal searches and seizures.

The Patriot Act also gave the government a lot of latitude when it came to the collection and seizure of electronic data. Although the Patriot Act expired in June 2015, the government did find a way to renew key elements through the USA Freedom Act. These two acts appear to show that data created in the cloud or a cloud-based platform are owned by the cloud provider or platform owner. When data breaches that should have been prevented happen, these government requests for data go to the provider of the service and not to the end user.

What have we learned that can protect our data and intellectual property? Start with making sure you fully understand what kind of service you are signing up for. It is like buying a car: There are many makes and models to choose from, so make sure you understand the options.

Also, you must understand the difference between software as a service and private services such as infrastructure hosting. It is very important that you and your team understand that when it comes to using a software platform, which could include using the tools, templates and processes of a platform provider, you may be giving up some of your rights to the intellectual properties you are creating.

There are many options when it comes to software, cloud-based applications, hosting and app development, and they all have value; however, make sure you are claiming your work product and the data created by it.

Some other basic guidelines to follow are:
• Always read the terms of service and ask questions. Don’t assume you understand them.
• If you are considering using a platform for development or work process management, it might be a good idea to engage legal counsel to ensure your data intellectual rights and data ownership rights are protected.
• Never stop backing up locally. This goes toward claiming your data if you are concerned about backup and having control; it could give you legal grounds to show you did not give up your claim.
• Check to ensure that your data is encrypted and that it is passed back and forth in a secure manner.
• Know where your data is stored. Laws vary from place to place, so make sure you are protected.
• Verify that your agreements clearly state that you own the data and that you are not giving anyone (for any reason) the right to use, transmit or mine your data without your permission.

Data rights are confusing and complicated. It is only going to get worse as technology moves forward and we continue to expand the use of cloud-based applications and platforms. Like with many things in life, you have to claim what is yours. Put processes in place to make sure you are not giving up your rights to that data; institute work processes that continuously reinforce your claims. Some of the basic commonsense things you can do that we sometimes take for granted are:

• Have written corporate policies, acknowledged by employees and vendors, that you are not giving up your rights to the data or intellectual property.
• Use software that helps you manage and monitor your data and limits users’ ability to move, copy or delete files without your permission.
• Do not allow the use of personal file-sharing applications or programs that are not controlled and owned by the company.
• Do not allow the use of external storage devices that can be removed from company control.
• Limit access to data archives and data retention systems only to those who need access to perform their daily functions.

So, let’s ask the question again: Who owns your data?
This is a gray area, with legislation not keeping up with modern technology or the use of that technology. The real protection comes with your willingness to claim and protect what is yours by having good agreements in place and showing through work process and policies that you are claiming your rights to that data.

Someday Congress and the courts will catch up and most likely clarify or at least set some legal precedents to guide us. Until that happens, it is up to you to protect and own your data, or someone else will.

Scott Lewis is the president and CEO of Winning Technologies Group of Companies. Scott has more than 30 years of experience in the technology industry and is a nationally recognized speaker and author. He has worked with businesses to empower them to use technology to improve work processes, increase productivity and reduce costs. Winning Technologies’ goal is to work with companies on the selection, implementation, management and support of technology resources. Learn more about Winning Technologies at www.winningtech.com or by calling 877-379-8279.
Submitted 4 years 267 days ago
Categories: categoryTechnology
Views: 1976