Feb 20: Legal Issues with Software-as-a-Service

Play Feb 20: Legal Issues with Software-as-a-Service
Sign in to queue


This module covers considerations for some of the legal issues that apply to cloud solutions, including:

  • Service Level Agreements (SLAs)
  • The impact of the Patriot Act and other privacy laws in various markets
  • How to manage third-party applications and add-ons that link to your solution
  • Cyber-liability

Do you have questions about some of the legal issues you might face? Join Harald live in the comments section for Q&A on Thursday, February 20 from 10am-11am, Pacific time (UTC -8:00).

This session is the last in the series "Building a Next-Generation Software Business." You can find all the sessions on the series page.

For more ISV resources, visit the Microsoft Partner Network's ISV community resource portal, or find more business resources here on Channel 9.


Azure, Cloud, Business



The Discussion

  • User profile image

    I would like to know if the Patriot Act applies because:

    • Azure is hosted on US soil, or
    • Microsoft is a US based company.

    Would the Patriot Act apply if Microsoft opened an Azure Datacenter in a foreign country?

    Would the Patriot Act apply if a foreign company hosted an Azure Datacenter (using Microsoft products) in a foreign country?


  • User profile image

    @Gleadall: We cover this today, but it does apply.  The Patriot Act applies to personal information on foreign nationals that is stored on a datacenter owned by a U.S. company, or the subsidiary of a U.S. company, regardless of where the datacenter is located. 

  • User profile image

    @hhorgen: Thanks.

    Is there a link to the event? or are you recording with the live twitter questions and then post-event publishing?

  • User profile image

    @Gleadall: It is supposed to go live at 10 am Pacific today , and will be available on this page.

  • User profile image

    @Gleadall: It is in the process of being uploaded - stay tuned!

  • User profile image

    My apologies, everyone - the delay was my fault. The Webinar should be in place above momentarily.

  • User profile image

    @hhorgen: You mentioned that the Patriot Act applies to PII (Personal identifying information), and a hybrid (public cloud <--> datacenter) solution. This would allow me to store the PII "on prem" and link that end user to the public cloud using a "CustomerID" of some sort.

    The only information stored in the public cloud would be the 'CustomerID' along with their other non-PII data (ie: items in their shopping cart).

    One other interesting question relates to my hosted Datacenter being 'bought-out' by a different company. If I pay for hosting my servers in a datacenter that is owned by a Canadian company, which subsequently gets bought-out by a US firm, Patriot Act would now have legal access to my data?

    Thanks for the information provided in the session. It has confirmed the public cloud - datacenter hybrid approach that we are designing.

  • User profile image

    @Gleadall: Yes, to both of your points/questions.  Anonymizing PII before storing it in the cloud is a good work-around that is used by a number of applications.  And yes, a foreign datacenter purchased by an American company would become subject to the Patriot Act.  As mentioned during the webinar it is more of an emotional issue than a legal issue, but emotions drive a lot of business decisions.  One of the ways Microsoft is addressing the challenge is to work with local datacenters that effectively license and run the Azure infrastructure (this is happening in Australia, for example), thereby eliminating the Patriot Act from the equation.

Add Your 2 Cents