How Data Privacy Reform Is Wreaking Havoc

18shares

Data Privacy Reform Is Wreaking Havoc

Nations around the globe are stepping up efforts to better protect the personal data of private citizens. In particular, cross-border data security regulations and legislative reform is on the rise. The laws must evolve in order to mitigate theft, abuse and misappropriation of personally identifiable information (PII), better guard national security interests, and boost local economies. These reforms are all necessary and long overdue.

But as these nations seek legislation-based ways to adequately address how the PII of consumers, customers, employees, partners, and contractors are collected, stored and disposed, we’re also seeing global business strategies and processes being tossed into a sea of uncertainty.

Cloud computing is an established part of today’s international enterprise IT operational landscape, and adoption will continue rising over the next decade. More organizations of all sizes are turning to SaaS and cloud-based collection, storage and collaboration models to streamline efficiencies and share data easily on Multiple Devices across international locations. This migration to the cloud has been years, even decades, in the making.

Direct Conflict: Cloud vs. Data Privacy Laws

As we shift to mobile and cloud-centric computing platforms in the Workplace, we’re also making it more difficult to ensure the proper control of information and awareness of data flows in and outside of the enterprise network. The very nature of the cloud itself – fluid, centrally located, and available anytime from anywhere – is exactly what is creating new challenges for businesses that must comply with data privacy regulatory changes.

Pulse Check: Ovum Research

To develop a sharper picture of where organizations currently stand on their awareness and preparedness level for coming regulatory changes, Ovum Research surveyed more than 300 international IT decision makers. The results of this global research reveal a disturbing worldwide trend: a majority of enterprise leaders are confused about how new data privacy regulations apply to them, and are unprepared for the consequences of failure to comply.

Location, Location

From a legislative viewpoint, the matter of “where data resides” is critical as these new data privacy rules roll out. The Ovum research underscores that when it comes to the physical location of data, there is uncertainty and confusion.

Until now, a key benefit of the cloud was that businesses no longer needed to concern themselves with the physical location of their data. It was stored off-site, for all to share, as needed. Now, with the European Union (EU), Israel and the United States beefing up regulations with the goal of stopping the flood of Data leaks and stolen information, businesses must shift their approach to the cloud in a fundamental way. Suddenly, the location controlling the physical path of data matters.

The ability to control access to data and achieve regulatory compliance will heavily depend on the data’s location, a key factor in determining what legislation the data is affected by, and the level of access that should be available. Exerting control over data location is a challenge for many organizations, because most systems do not support the concept of data location being a business-related decision, and especially not cloud-based systems. Making matters worse, the exact definition of “data location” for regulatory compliance purposes varies from region to region. Organizations trying to achieve compliance will need options that offer control over data’s physical, logical, legal, and political location.

We are already seeing legal arguments being made in courts around the world that hinge on the fundamental concept of where data is located and controlled, and who has jurisdiction over that data (an example is the Microsoft case regarding data stored in Dublin, Ireland that is being requested by a US judge).

The Ovum research found that 50 percent of respondents’ organizations planned to change the primary approach to this control challenge during the next three years. This may suggest that organizations are waiting for a standard to emerge, and builds a strong case for an approach to cloud collaboration that provides various technical options, such as the ability to offer controls for physical and logical location.

No Control Over Cloud-based Services

It’s important to note that these data privacy regulations apply to cloud vendors, but they also extend to the individual companies using them. For example, the pending General Data Protection Regulation (GDPR) in the EU specifically targets any business that collects, stores, processes, and shares personal data on employees, customers, or partners. Failure to keep that information within the specific geographic location of the European Economic Area (EEA), whether intentionally or by accident (such as a data breach) will result in significant fines for that company.

Yet, the Ovum research tells us that many organizations are not leveraging available technologies to better protect sensitive data, either in the cloud or on-premise. Only 44 percent of survey respondents said they use technology to monitor user activities and provide alerts to data policy violations, and only 53 percent classify information to align with access controls. Almost half (47%) admitted that they have “no policies or controls” that govern access to consumer cloud storage and file-sharing system like Dropbox. This opens them up to enormous risk.

The Cloud: Here To Stay, But in Need of Better Control

While regulatory changes are wreaking havoc, that doesn’t mean that cloud services will fall out of favor. Just a few years ago, conversations revolved around whether the cloud should be trusted at all. Today, businesses do trust the cloud to protect the most sensitive assets, demonstrating a shift in sentiment toward its positive role in business today. The Ovum survey found that 58 percent of respondents trust the cloud for all business operations, despite the potential impact of pending data privacy regulations, all of which intend to change how data is stored, transferred, and processed around the world.

So, even with the changing regulatory climate, cloud computing is a decision that’s already been made. And yet, regulating cloud-held data is poised to become the biggest challenge facing legal practitioners, politicians, and businesses as they try to balance privacy with access and productivity. The cloud can still work in this new world of data privacy reform, in reality cloud services may be a more appropriate solution to the data sovereignty challenges as cloud vendors are already having to address the sovereignty issues and architect their solutions to address an ever changing landscape.

Enterprises are likely to lean more heavily on cloud vendors to be a part of the bigger solution rather than try to unravel the ever changing requirements single handedly. However, it will need greater control and visibility in each region where companies operate.

By Daren Glenister

Daren Glenister

Daren is the Field Chief Technology Officer for Intralinks. Daren serves as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements.

Glenister brings more than 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software, having worked with many Fortune 1000 companies to turn business challenges into real-world solutions.

www.intralinks.com/

THOUGHT LEADERS

Artificial Intelligence’s Impact on Mergers and Acquisitions

Intelligent Deals: The Role of AI in M&A It’s no secret that artificial intelligence (AI) is revolutionizing many industries with its fast capabilities and predictive nature. From writing code to drafting documents, AI has become ...

How AI is Reshaping Business Operations for MSPs

Fueled by extensive demand in IT, healthcare, financial services, and telecommunication—initially spurred by the pandemic-driven frenzy to transition to remote working—managed service providers (MSPs) are busier than ever. As businesses adopt MSP services to upgrade, ...

AI-powered identity verification: what businesses need to know in 2023

AI-powered identity verification Even if you don’t want to admit it, doing business online in today’s environment poses a greater risk. Criminals are constantly on the lookout for vulnerabilities to exploit, including hacking, data breaches, ...

Impact of AI in Storytelling and Creativity

These are monumental topics that command volumes of diligent research, backed by empirical evidence and citations from subject-matter experts. Yet, I’m afraid we don’t have the time for this. In 2022, I had a video ...

Unleash the Power of AI Without Compromising Security: How Federated Learning is Changing the Game

The increasing adoption of technology and AI in business continues to drive concerns regarding sensitive data and the protection of assets. Organizations must implement tools to protect data while also leveraging that data to identify ...

The Need for Experts Goes Beyond AI

The Need for Experts The explosion in AI technologies has brought with it clear concern that easy answers and intelligent copywriting are now the domain of machines. This has led to the question of whether ...