How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask Tina Your Own Question
Tina
Tina, Lawyer
Category: Legal
Satisfied Customers: 8775
Experience:  JD, BBA Over 25 years legal and business experience.
4460311
Type Your Legal Question Here...
Tina is online now
A new question is answered every 9 seconds

I am considering using a cloud-based accounting system but

Customer Question

I am considering using a cloud-based accounting system but am worried that it would give outsiders access to our complete accounting data. This is concerning on multiple levels. One, some of our accounting is sensitive and we certainly don't want hackers accessing it on the cloud or anywhere else. And, for legal reasons, if there are government concerns or any other legal entity with concerns about our company, we want to be able to address requests for access directly instead of leaving that up to a third party.
So, if an organization wants access to our accounting data, I don't want that organization to have the ability to simply send a request to quickbooks and grant access to our data without our knowledge and possibly without our permissions.
Can you clarify how the law would apply to cloud-based data storage providers?
Submitted: 10 months ago.
Category: Legal
Expert:  Brent Blanchard replied 10 months ago.

Thank you for your question.

The law applies the same to any cloud service as it would to an accountant in a brick-and-mortar firm in your own town: All records are confidential and privacy rights reign supreme UNTIL someone serves a subpoena on them.

As far as hacking and data breaches, that is more of a technical/computing security question than a legal question. Data breaches obviously involve someone breaking the law, but we all know how much of a "deterrent" being illegal is. Or isn't. Generally, there is usually more danger from someone "social engineering" their way into a company's computer system by tricking an employee into revealing a password, or just guessing the more commonly used INSECURE passwords like firstnamebirthyear, the name or birthday of a spouse or relative, or the name of that person's favorite sports team.

Unfortunately, most computer services have "terms of service" which release them from any and all liability for anything that might go wrong, including data breaches. Those contracts are generally binding. Read them carefully. As a business protection matter, it might be wise to look into whether the general liability insurance policy covers the business for loss of customer privacy (if that business has customers whose data could be breached), and if the property and casualty insurance policy provides compensation for monetary losses from the business being the victim of a data breach. I do not know if such coverage is offered, but it *should* be.

Thank you.