The cloud has changed the shape of the data storage landscape drastically. It has ushered in greater cost efficiency, more flexible business practices and reduced resource needs. It has also shattered pre-existing geographical borders. This is due to the fact that information, even digital information, is still confined by the laws and regulations in the country in which it is stored. With businesses becoming increasingly perceptive to the benefits of cloud hosting, more issues and questions are surfacing regarding data sovereignty.
Simply put, where your data is located is important. Privacy laws and data jurisdiction/sovereignty all apply to digital data. Therefore, deciding where to house your data can require an understanding of the laws across countries. This is because there may be legal or ethical obligations to protect data in one jurisdiction but hand data over in another. As cloud computing allows for the effortless and efficient transfer of data to multiple locations globally, maintaining control of data can be difficult with the ever-changing global data laws.
Image source – Jean-Frederic Fortier (CC0)
Why location is important:
Location and jurisdiction are important for several reasons:
- Organisations are finding it increasingly important to ensure that their data remains within a cloud in their jurisdiction as it is therefore covered by their legal system. This can help maintain control of data.
- Storing important documentation in the cloud is becoming more common, so it makes it easier to copy and transfer documents between jurisdictions. This can be problematic if the data ends up in unscrupulous territory in the wrong jurisdiction.
- Foreign governments can more readily access your data if it is within their own jurisdiction and outside of yours. This is because being permitted access to data within a local jurisdiction is a lot more straightforward than having to obtain access to data under another nation’s jurisdiction.
- Data protection laws differ between countries. The laws and regulations of another country can differ greatly from laws in in your own country, in respect to both access of data and who can access it.
- Some countries or jurisdictions may be lacking in the same level of IT or data security that your own affords you. This can result in disproportionate security expectations and assurances across jurisdictions.
- Strategic significance to your organisation to maintain control of your data to avoid potential issues.
Image source – Bart Anestin (CC0)
What factors can cause issues?
There are a number of issues that can have legal implications. These include:
- Agreements or treaties between countries. Countries may have a mutual agreement concerning access to information or data that isn’t within their jurisdiction. These agreements can include things such as search, seizure or disclosure of stored data, collecting data on-transit or intercepting communications.
- Information flow. The transmission of data often requires it passing through many countries. Any of these countries can claim jurisdiction.
- Relation of your data to your HQ. The governments of countries that you operate in may be able to access your data that is stored elsewhere. For example, if you are based in the UK, the UK government may require access to your information even if it is located outside of the UK.
- Many countries have enforced new compliance regulations that require customer data to be stored in the same country as the customer resides. This is for data protection reasons and to avoid sensitive or confidential customer data from being stored elsewhere.
One of the reasons that there is uncertainty about the standardisation of data jurisdiction is the speed at which people have shifted to the cloud for data storage. This mainstream adoption has forced governments to scramble to keep up with this innovative technology and this has led to complications or unclear messaging regarding regulations.
How to abide by the law
In order to avoid running afoul of foreign jurisdictions you should try to:
- Brush up on the laws and regulations of the countries in which you wish to do business and where your organisation is based. This will help you to assure compliance and is essential if your organisation has to undergo any kind of mandatory regulation.
- Take a multilayer approach in order to ensure maximum security efforts. This can include encryption, two-factor authentication, remote wipe functionalities and internal measures to minimise or avoid data leakage.
- Encrypt your data. Using an encryption solution can secure your data. This should comprise all data, whether it is shared, in transit or at rest. It can also reduce concerns with jurisdictions when data crosses geographical boundaries.
- Control access to your data, ensuring that members of your cloud service provider are not permitted to access your data.
The role of cloud hosting providers
Businesses must be vigilant when it comes to choosing who will host their data. A good provider will strive to maintain a trusted relationship with their client and support their needs and this includes the issue of jurisdiction.
At Veber we aim to:
- Always involve you as a client in the case of data sovereignty issues and use any knowledge gained as a result to tailor our data management to suit you.
- Be pragmatic when it comes to hosting strategies and constantly vigilant of jurisdiction concerns. * Maintain complete transparency. This why you can see the location of our data centres.
- View the issue of data sovereignty as a strategic driver that allows us to develop the best possible solutions and not as a weakness
It is generally accepted that we can’t enjoy the benefits of cloud computing and the flow of data that it allows without accepting the jurisdictional issues and therefore we need to be forward-thinking and address these issues in a manner that can support demand.
Businesses must ensure that they protect their digital documents from prying eyes and unauthorised access to secure data. This in turn means allocating responsibility wisely. Cloud hosting providers must rise to the challenge of offering solutions that support data sovereignty and tackle jurisdictional concerns. There is no doubt that Veber (and other providers), our clients and government bodies must work together to ensure the benefits of the cloud are fully realised.
if you want to know more about the location of your data and how it impacts you legally get in contact with veber, we are managed cloud hosting experts.
Featured Blog Posts