When you sign up for cloud services or applications, do you read the terms and conditions before you accept them? If you are like most humans, you probably skim the T’s & C’s and quickly click “I agree” to move on.
Who’s really going to read all 36,275 words of PayPal’s terms and conditions, which happen to exceed the entire length of Shakespeare’s work “Hamlet” by an additional 6,000 words?
Most cloud services have good-intentioned terms and conditions meant to protect both the company and its users. However, some companies overreach by including clauses granting them ownership of your data or the ability to make private data public in order to drive ad revenue. Some companies even have a bit of fun knowing most people won’t read them.
Check out our slideshow of some of the sneakiest terms and conditions we discovered:
Sneaky terms can be serious business
Sneaky terms and conditions can expose companies to risk when employees don’t read and understand the terms before uploading confidential company information. There are multiple areas to look out for:
- Jurisdictional location – If legal action must be taken, what jurisdiction will apply?
- Data ownership – Some companies claim ownership of your data uploaded to their service and the right to republish it or resell it to third parties.
- Data privacy – Services with an expectation of keeping data private should enumerate under what circumstances data can be made public.
- Responsibility for data loss – What happens when important data is deleted, lost or stolen?
- Data retention after account termination – The omission of this clause in the user agreement is reason to worry.
Keep in mind that terms and conditions can change at any time at the whim of the vendor. Once you understand the T’s & C’s of your preferred cloud services, you can stay up to date on periodic changes by using trackers like Docracy.
Fortunately someone’s paying attention
So, what do you need to do in order to avoid sneaky T’s and C’s and securely enable cloud for your business? We recommend leveraging third-party services, such as a CloudRegistry, to understand risks of these terms and conditions. The registry will:
- Read all of the T’s and C’s for every service,
- Produce an objective risk rating that incorporates a detailed legal risk assessment based on the T’s and C’s, and
- Continually monitor the cloud services for any changes that may affect the risk to the business.
Taking this measure might prevent your coworkers from unwittingly agreeing to release their content, allowing their names and likenesses to be used in ads, or agreeing to cover the vendor’s legal fees if an issue arises.
CASB Magic Quadrant 2019 is here – McAfee a Leader for third consecutive year
CASB RFP Template: 200+ Common Questions Enterprises Are Asking
9 Cloud Computing Security Risks Every Company Faces
Office 365 Security Concerns: Download Definitive Guide to Office 365 eBook
51 AWS Security Best Practices