An information policy (also called data policy) determines
- the kind of information collected, created, organized, stored, accessed, disseminated and retained
- who can use the information
- any charge for access to the information, and
- if there is a charge, the amount charged.
Issues to be considered
- Ensure that the agreement allows the consumer to specify the physical location of their security‐sensitive content, or content subject to data residency requirements (specifically acceptable locations vary across industries and national legislation).
- Ensure that the service provider will not access the consumer's data, except when required by law and duly requested by law enforcement authorities.
- Under such circumstances, ensure that the agreement specifies that the service provider will give immediate notice, allowing the consumer an opportunity to file for a stay of the request.
- "Issues to be considered" section: Public Cloud Service Agreements: What to Expect and What to Negotiate, at 9.