February 4, 2015
By SafeGov Contributor, David Canellos.
The cloud empowers us with the flexibility to access data anytime and anywhere, but it’s where that data actually is processed and resides (think servers) that is driving debate and confusion between technologists, regulators and cloud users. To get a grasp of the issue, several countries have begun to implement data residency laws that restrict the flow of certain types of sensitive information outside the boundaries of their countries and limit who can access that information and from what locations.
Cloud data residency is defined as maintaining control over the location where regulated data and documents physically reside. While privacy and data residency requirements vary by country, users of cloud services need to consider the rules that cover each of the jurisdictions they operate in as well as the rules that govern the treatment of data at the locations where the cloud service provider(s) provision their services (eg, their data centers).
To illustrate the magnitude of the challenge, consider a German healthcare organization placing patient data in the cloud service of a US provider with the primary data center in France and the backup stored in the United States. Data flowing freely would bring not only German laws into play, but also those of France and the United States. Whose laws rule the data at any given time? What happens when the laws contradict one another? The cloud is the equivalent of opening Pandora’s Box for the enterprise’s data compliance and privacy professionals.
To read the article, click here.
David Canellos is President and CEO of PerspecSys.safegoveu