Years ago, it was usual for an organization in charge of personal information (PI), to manage large amount of documents (paper or electronic) in its own office, in paper format or in computers or networks. But new trends associated to cloud computing are changing ways to seeing legal aspects of information management. First, the notion of “control” – as a basic principle in privacy issues – need to be reconsidered to be consistent with the new reality. Second, the liability of different actors involved in the all process (as data controller, ISP, person in charge of custody, etc.) would be necessarily redefined between them depending of what they do, or documents (policies and procedures) and contracts they produce. That said, persons in charge of PI retention and control would be forced to make choices (taking into account the sensitivity, level of risk, categorization of information, etc.). This course will offer some guidance to help actors to take the good choices and improve technical and legal security.