The migration of personal and financial data to the cloud has highlighted, for both financial institutions and their regulators, risks associated with data breaches.  This migration has involved third-party cloud services vendors storing and processing such personal and financial data on behalf of their financial services customers.

Cloud service offerings for financial services customers are expected to comply with the myriad of laws and regulations applicable to the financial services industry, to include the Gramm-Leach-Bliley Act, FFEIC (Federal Financial Institutions Examination Council) requirements and state data protection and privacy laws.   Cloud service vendors, however, may face challenges assuming an obligation to comply with industry-specific laws and regulations.  They offer cloud services in a multi-tenant environment; their customers represent numerous industries subject to varying legal and regulatory frameworks.  Accordingly, customers may be confronted with an obligation to themselves ensure the compliance of their cloud service with industry-specific laws and regulations.Continue Reading Financial Services Compliance Obligations Under the Cloud