Spelling out protections

These excerpts from the final draft of Los Angeles' contract with Google and Computer Sciences Corp. for cloud computing services highlight the special protections the city has sought.

An exit strategy [page 19 of PDF]

“If the City wishes to discontinue use of the Solution and retrieve all user data, administrative interfaces and open APls exist that provide access to all user data. With sufficient additional technical services resources and sufficient available bandwidth, all user data can be retrieved within 5 days, and Contractor will authorize the deletion of all user data within the Solution.”

Clear rights to proprietary data [page 28 of PDF]

“City's information…contained in any Contractor repository…shall be and remain the sole and exclusive property of the City. The City shall be entitled to an export of City Data without charge, upon the request of the City.”

Authority to inspect security programs  [page 29 of PDF]

“City shall have the right to review Contractor's information security program prior to the commencement of Services and from time to time during the term of this Contract. During the performance of the Services, on an ongoing basis from time to time and with reasonable notice, City, at its own expense, shall be entitled to perform, or to have performed, an on-site audit of Contractor's information security program.”

“…No more than annually, Contractor, at its own expense, shall conduct a SAS-70 or equivalent audit of Google's information security program and provide such audit findings to City upon formal written request.”

Parameters for e-mail storage [page 109 of PDF]

“Google agrees to store and process Customer's e-mail and Google Message Discovery (GMD) data only in the continental United States.”