In today’s highly-regulated business world, the geographic location of data is as important as the technology that keeps it accessible and secure. Not only is the way data stored important to maintaining corporate policies, but so too is keeping data in a physical location that doesn’t breach industry regulations.
There’s no lack of rules governing business today, such as HIPAA in healthcare and Sarbanes-Oxley for public companies. Then there are the ever-growing list of corporate policies and customer service agreements to meet. Of course, businesses must be adept when it comes to securing their data and networks, and must understand the implications of physical storage locations. This is a lot for any single company to manage efficiently today, in our world of razor-thin IT budgets and staffs.
Another wrinkle concerns The Patriot Act, which grants the U.S. government the power to intercept or seize any data stored in or that passes through the U.S., regardless of where the data was collected. This summer, Microsoft noted that data stored on its EU cloud service is subject to The Patriot Act, since Microsoft is based in the United States.
The question of the cloud
A growing number of businesses are taking their corporate (including customer) data to the cloud, but there has to be caution around where sensitive data is stored and who might have access to it. Businesses that operate internationally and collect personal data around the world need to understand the applicable privacy and data compliance laws. For example, storing private customer data from a European nation in a U.S.-based data center where Patriot Act provisions expose that data to inspection and seizure without informing the targeted individuals would breach the EU’s Data Protection Directive.
Some companies hesitate to move critical applications and data to the cloud, given concerns around how they will control different data sets and deal with the complexity of compliance. Managing cross-border data storage and access requires planning, legal review and close collaboration with outsourcing and hosting partners.
The cloud has become a global phenomenon, with applications and data stored around the world in a way that’s invisible to the end-user. Yet data is geographic (or at least geopolitical) in nature and has to be treated with that reality in mind. This will be a challenge for data center managers and CIOs, as companies increasingly use the cloud and outsourcing to run their businesses. If cross-border risk management isn’t part of your data strategy — it’s time to make it so.