WASHINGTON - Congress should enact a law laying the groundwork for protecting consumers who use the Internet cloud to store data before states come in with an unwieldy patchwork of conflicting legislation, said Microsoft General Counsel Brad Smith on Wednesday.

Smith, who said Microsoft had invested billions to build a cloud infrastructure, called for federal laws that would would improve privacy protections and strengthen law enforcement in going after hackers.

He also urged companies building massive amounts of remote storage for data -- which is essentially what the cloud is -- to be upfront with consumers about how their photos, email and other data in the cloud might be used and what measures are being taken to fend off hackers and thieves.

It would mean that cloud service providers would be obligated to provide consumers in plain language about ... what rights they have -- the cloud service providers -- to use the information, he said. It would ensure that consumers get clear information on their rights.

Smith also was interested in discussing what sort of notification should be required of his company and others if their data storage facilities were hacked into.

If their information was stolen, typically I think people would say that the consumer ought to be notified. If somebody got access and looked at their account and read their email that might be an area where typically you would want people to be notified, he said.

In a speech at the Brookings Institution and in comments after the speech, Smith advocated legislation that would require cloud security be extremely tight but urged lawmakers to steer of requiring a particular sort of security.

You run the risk of it coming outdated, it said.

Senators John Rockefeller and Olympia Snowe introduced legislation last April which would have addressed cybersecurity issues.
The bill, which stalled amid vehement opposition in the tech sector, would have created a clearinghouse of information about cyber threats, established enforceable cybersecurity standards and required the licensing of cybersecurity professionals.

Asked about that measure, Smith said: What we're really trying to advocate is that we all step back and look at these various areas of the law and address them more comprehensively.

(Reporting by Diane Bartz; editing by Carol Bishopric)