November 30, 2015

Living In A Post-Safe Harbor World

By Ron Hovsepian

Living In A Post-Safe Harbor World With the striking down of the Safe Harbor agreement in October, we have seen the tip of a data privacy iceberg whose global implications will play out well into the new year. In 2016, U.S. businesses can expect a regulatory domino effect that will occur region by region, as […]

Living In A Post-Safe Harbor World

With the striking down of the Safe Harbor agreement in October, we have seen the tip of a data privacy iceberg whose global implications will play out well into the new year. In 2016, U.S. businesses can expect a regulatory domino effect that will occur region by region, as more governments will take steps to protect citizen data, preserve national security interests, and build legal fences to protect local businesses. These evolving rules will be determined within various governments, with different privacy concerns driving each set of regulations. It’s likely to produce more chaos before consistency.

As we close out 2015, representatives from the EU Commission and the U.S. have been working on the terms of a new data-transfer framework that will meet the EU court’s requirements. For U.S. businesses, January 31, 2016 will be when things really get interesting. That’s the deadline for the European Commission to agree on new Safe Harbor rules with the U.S. Right now, EU officials are still seeking greater clarity regarding the extent to which U.S. national security services can access European citizens’ data. If no agreement can be hammered out by this deadline, companies are will have to find an alternative to Safe Harbor or face non-compliance fines.

What does this mean for cloud providers and their customers? Consider that Europe’s General Data Protection Regulation (GDPR), legislation that is supposed to be finalized by the end of the year, will govern both data controllers (typically, companies that gather and control how data is used) and data processors (for example, cloud storage providers), no matter where they are based. The GDPR will also restrict and control how EU citizens’ personal data is shared outside the European Economic Area.

From a U.S. business perspective, the GDPR is fraught with compliance risks. The latest draft of the GDPR call for fines of up to two percent of annual revenue for companies that violate the rules, raising the distinct possibility of billion dollar penalties enforced to make examples out of organizations that continue to be careless with private data. To put this into perspective, a company like Monsanto could face fines up to $300 million, and the penalty for a company like GE could be around $2.8 billion.

Cloud structure sea change

What will all of this mean for how U.S. firms do business in the future? In 2016, we will see organizations change their approach to data transport and access. For starters, they will need to localize data policies to comply with the nations and regions where they do business, as well as where their data flows. What this means is that each geographic region will have a set of guidelines specific to handling data, as well as separate guidelines for communicating externally. This is already happening in the EU, with Germany setting more stringent data privacy rules than the rest of Europe.

Further, organizations will also no longer be able to rely on centralized datacenters, and instead will need to rely on multiple datacenters, each subject to the specific region’s regulatory oversight. Businesses will also have to ensure that all of its cloud vendors meet the data guidelines set within each region in which it does business. We are already seeing a shift towards this model, with large providers such as Microsoft opening dedicated data centers in locations like Germany, the UK and Australia.

Making room for compliance in the C-suite

One way to handle these regulatory changes is for more private companies to add a new member to their C-suites: the Chief Privacy Officer. The CPO had historically been a role associated with Government agencies, but that is changing rapidly. Any organization that collects, processes, or uses personal information across borders will need to implement information security plans to ensure that the personal data in its control is adequately protected. That’s the role of the CPO, and in 2016, it will be in high demand.

Organizations who are proactive and come up with an action plan that aligns with the new regulations will be ahead of the game. This means having end-to-end control over who accesses their data, wherever it travels. Too many companies have been standing on the sidelines, passively waiting for their vendors or the government to solve this. As we race towards the January 31, 2016 deadline, it’s becoming clear that action is needed. Some companies are moving ahead to devise a global solution without depending on the promised Safe Harbor 2.0. Others are taking interim measures such as legal boilerplate language to protect them. The high visibility of some, such as social media or cloud computing vendors, puts them at a higher risk for possible EU regulatory focus. The bottom line, however, is that the EU court decision is forcing all organizations that were part of the Safe Harbor framework to make risk-based—not just legal—decisions.

By Ron Hovsepian

Ron Hovsepian

Ron is president, chief executive and director of Intralinks, a publicly-traded provider of beyond-the-firewall collaboration technology solutions for the enterprise. Previously, Ron served as president and chief executive officer of Novell, from 2005 to 2011. He has held management and executive positions at IBM Corporation over a 17-year period, including worldwide general manager of IBM's distribution industries, manager of global hardware and software development, sales, marketing and services. Ron currently serves as a member of the board of directors of ANSYS, Inc. Follow Ron on Twitter: @RonHovsepian.

Exploring SaaS Directories: The Path to Optimal Software Selection

Exploring the Landscape of SaaS Directories SaaS directories are vital in today’s digital age, serving [...]
Read more

A.I. is Not All It’s Cracked Up to Be…At Least Not Yet!

Exploring AI’s Potential: The Gap Between Aspiration and Reality Recently Samsung releases its new Galaxy [...]
Read more
Steve Prentice

Get Smarter – The Era of Microlearning 

The Era of Microlearning Becoming employable and then staying employable requires ongoing, up to date [...]
Read more
Metasploit-Penetration-Testing-Software-Pen-Testing-Security

Leading Cloud Vulnerability Scanners

Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn’t help with [...]
Read more
Steve Prentice

Episode 19: Why AWS Needs to Become Opinionated about FinOps

On today’s episode of the CloudTweaks podcast, Steve Prentice chats with Rahul Subramaniam, CEO at CloudFix [...]
Read more

Lambda Cold Starts: What They Are and How to Fix Them

What Are Lambda Cold Starts? Lambda cold starts occur when AWS Lambda has to initialize [...]
Read more

SPONSORS

Interviews and Thought Leadership

Jeremy Smillie

Securing the Future: Insights from DevSecOps Expert, Jeremy Smillie

Welcome to another insightful discussion on CloudTweaks. Today, we have the privilege of delving into the dynamic intersection of DevOps, Security, and Tokenization with a seasoned expert in the field, [...]
Read more
Andy Hilliard

Accelerance CEO Unveils the Future: AI’s Role in Software Development

In this edition of CloudTweaks, we feature an insightful discussion with Andy Hilliard, CEO of Accelerance, a pioneering force in integrating artificial intelligence (AI) into the software development industry. Andy [...]
Read more

Exploring SaaS Directories: The Path to Optimal Software Selection

Exploring the Landscape of SaaS Directories SaaS directories are vital in today’s digital age, serving as key resources for businesses [...]
Read more

Leveraging Artificial Intelligence in Insurance Claims Analytics Software Development

Enhancing Insurance Claims Analysis with AI Technology Nowadays, digital technology affects all aspects of our everyday lives, and the insurance [...]
Read more

Gartner Predicts Solid Growth for Information Security, Reaching $287 Billion by 2027

AI continues to become more weaponized, with nation-state attackers and cybercrime gangs experimenting with LLMs and gen AI-based attack tradecraft. [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.