How Data Privacy Reform Is Wreaking Havoc

Data Privacy Reform Is Wreaking Havoc

Nations around the globe are stepping up efforts to better protect the personal data of private citizens. In particular, cross-border data security regulations and legislative reform is on the rise. The laws must evolve in order to mitigate theft, abuse and misappropriation of personally identifiable information (PII), better guard national security interests, and boost local economies. These reforms are all necessary and long overdue.

But as these nations seek legislation-based ways to adequately address how the PII of consumers, customers, employees, partners, and contractors are collected, stored and disposed, we’re also seeing global business strategies and processes being tossed into a sea of uncertainty.

Cloud computing is an established part of today’s international enterprise IT operational landscape, and adoption will continue rising over the next decade. More organizations of all sizes are turning to SaaS and cloud-based collection, storage and collaboration models to streamline efficiencies and share data easily on Multiple Devices across international locations. This migration to the cloud has been years, even decades, in the making.

Direct Conflict: Cloud vs. Data Privacy Laws

As we shift to mobile and cloud-centric computing platforms in the Workplace, we’re also making it more difficult to ensure the proper control of information and awareness of data flows in and outside of the enterprise network. The very nature of the cloud itself – fluid, centrally located, and available anytime from anywhere – is exactly what is creating new challenges for businesses that must comply with data privacy regulatory changes.

Pulse Check: Ovum Research

To develop a sharper picture of where organizations currently stand on their awareness and preparedness level for coming regulatory changes, Ovum Research surveyed more than 300 international IT decision makers. The results of this global research reveal a disturbing worldwide trend: a majority of enterprise leaders are confused about how new data privacy regulations apply to them, and are unprepared for the consequences of failure to comply.

Location, Location

From a legislative viewpoint, the matter of “where data resides” is critical as these new data privacy rules roll out. The Ovum research underscores that when it comes to the physical location of data, there is uncertainty and confusion.

Until now, a key benefit of the cloud was that businesses no longer needed to concern themselves with the physical location of their data. It was stored off-site, for all to share, as needed. Now, with the European Union (EU), Israel and the United States beefing up regulations with the goal of stopping the flood of Data leaks and stolen information, businesses must shift their approach to the cloud in a fundamental way. Suddenly, the location controlling the physical path of data matters.

The ability to control access to data and achieve regulatory compliance will heavily depend on the data’s location, a key factor in determining what legislation the data is affected by, and the level of access that should be available. Exerting control over data location is a challenge for many organizations, because most systems do not support the concept of data location being a business-related decision, and especially not cloud-based systems. Making matters worse, the exact definition of “data location” for regulatory compliance purposes varies from region to region. Organizations trying to achieve compliance will need options that offer control over data’s physical, logical, legal, and political location.

We are already seeing legal arguments being made in courts around the world that hinge on the fundamental concept of where data is located and controlled, and who has jurisdiction over that data (an example is the Microsoft case regarding data stored in Dublin, Ireland that is being requested by a US judge).

The Ovum research found that 50 percent of respondents’ organizations planned to change the primary approach to this control challenge during the next three years. This may suggest that organizations are waiting for a standard to emerge, and builds a strong case for an approach to cloud collaboration that provides various technical options, such as the ability to offer controls for physical and logical location.

No Control Over Cloud-based Services

It’s important to note that these data privacy regulations apply to cloud vendors, but they also extend to the individual companies using them. For example, the pending General Data Protection Regulation (GDPR) in the EU specifically targets any business that collects, stores, processes, and shares personal data on employees, customers, or partners. Failure to keep that information within the specific geographic location of the European Economic Area (EEA), whether intentionally or by accident (such as a data breach) will result in significant fines for that company.

Yet, the Ovum research tells us that many organizations are not leveraging available technologies to better protect sensitive data, either in the cloud or on-premise. Only 44 percent of survey respondents said they use technology to monitor user activities and provide alerts to data policy violations, and only 53 percent classify information to align with access controls. Almost half (47%) admitted that they have “no policies or controls” that govern access to consumer cloud storage and file-sharing system like Dropbox. This opens them up to enormous risk.

The Cloud: Here To Stay, But in Need of Better Control

While regulatory changes are wreaking havoc, that doesn’t mean that cloud services will fall out of favor. Just a few years ago, conversations revolved around whether the cloud should be trusted at all. Today, businesses do trust the cloud to protect the most sensitive assets, demonstrating a shift in sentiment toward its positive role in business today. The Ovum survey found that 58 percent of respondents trust the cloud for all business operations, despite the potential impact of pending data privacy regulations, all of which intend to change how data is stored, transferred, and processed around the world.

 

So, even with the changing regulatory climate, cloud computing is a decision that’s already been made. And yet, regulating cloud-held data is poised to become the biggest challenge facing legal practitioners, politicians, and businesses as they try to balance privacy with access and productivity. The cloud can still work in this new world of data privacy reform, in reality cloud services may be a more appropriate solution to the data sovereignty challenges as cloud vendors are already having to address the sovereignty issues and architect their solutions to address an ever changing landscape.

Enterprises are likely to lean more heavily on cloud vendors to be a part of the bigger solution rather than try to unravel the ever changing requirements single handedly. However, it will need greater control and visibility in each region where companies operate.

By Daren Glenister

Bittitan

Episode 6: Cloud Migration: Why It’s More Important Than Ever

The Importance of Cloud Migration Moving fully to the cloud is still a concern for many companies, but with millions of employees working from home, there’s an even greater need to migrate. Mark Kirstein, VP ...
AI and ML: Key Drivers to Building a Resilient Business

AI and ML: Key Drivers to Building a Resilient Business

The future is here. It’s 2021 and it’s already time for businesses to ready themselves for the new decade. The previous year has shown us that you have to be prepared for both expected and ...
Sebastian Grady

Digital Transformation – Updated Metrics for the Cloud Era

Cloud Era Metrics Undertaking digital transformation means also transforming how IT success is defined, including metrics that address business in the cloud.  With up to 90% of budgets spent keeping the lights on, cost is ...
Calculation Real Costs

The Importance of Intelligent Monitoring & Detecting Unexpected Cloud Usage

The Importance of Intelligent Monitoring Most people have experienced sticker shock at one time or another. Eyes tend to bulge when they scan down to the bottom line of an itemized hospital bill! Similarly, CIOs ...
Thomas Franklin

Future of Stock Markets : Raising Capital Through ICO is 10x cheaper and 20x easier

Future of Stock Markets: Raising Capital Through ICO How blockchain will replace the stock markets as we know them today. Welcome to the future. It’s a beautiful Monday morning of 5th June, 2023. Jane wants ...
Mark Barrenechea

Security is Job 1: Machines vs. Machines

Digital is redefining cybercrime and cyberwarfare Cyberattacks today are multi-stage, hard to discover and highly targeted. Some security threats are accidental, stemming from unauthorized employee access. As much as 38% of attacks come from internal ...