Disclosure Rules Changing for Hosted Data (Update)

• Passage of the Clarifying Lawful Overseas Use of Data Act effectively ended a case concerning a U.S. warrant for e-mail stored in Microsoft’s Irish data centers.
• The act and a related agreement between the European Union and the U.S. Department of Commerce may reduce some of the data disclosure and privacy risks of using hosted services where data may cross borders.
• Organizations still need to understand the risk of not knowing about warrants or subpoenas issued for data in hosted services.

New legislation and changing regulations mean organizations should periodically review how to comply with updated data disclosure and privacy regulations for data they collect, transmit, and store, particularly data in hosted services.

(This report updates a previous report posted in July 2016, with new information related to the Microsoft Ireland e-mail case.)

Passage of CLOUD Act Only First Step

The Clarifying Lawful Overseas Use of Data (CLOUD) Act was included in, and therefore passed with, the 2018 Omnibus Budget Bill, which U.S. President Donald Trump signed into law on Mar. 23, 2018. The CLOUD Act legislates the following: