Daren Glenister

The Collision of Cloud and Data Privacy

Cloud and Data Privacy

The “cloudification” of everything from data storage to applications to security services has increased the availability of free-flowing data, allowing business to access anything from anywhere. However, it’s raised serious concerns about the security of personally identifiable information (PII) collected and shared by businesses and government agencies across international borders, and a global data privacy movement was born. Leading the charge on data privacy reform is the European Union (EU) – where consumer privacy is seen as a fundamental right. As a result, data location now matters in the cloud, and businesses must be prepared to know exactly when, where and how this data is shared across geographic borders.

dread-security

(Image Source: Shutterstock)

While data privacy is quickly gaining steam across the entire globe, steps the U.S. and EU are currently taking will likely shape the debate for years to come. The recently passed General Data Protection Regulation (GDPR), which goes into effect in 2018, establishes a framework for all 28 EU member nations, providing a comprehensive and unified way for businesses to properly handle sensitive data belonging to EU citizens. Of the restrictions the GDPR places on global, multi-national businesses, the proper handling of PII is front and center.

The other major data privacy issue, the EU-US Data Privacy Shield to replace Safe Harbor, more narrowly addresses the flow of personal data from the EU to the U.S. However, an initial draft of the new framework was deemed inadequate by the EU Parliament’s influential Article 29 Working Party and cannot be relied upon until it passes the test in the EU court, leaving thousands of businesses in limbo.

No More “Go With the Flow

Information-intensive business processes rely on SaaS, and this, coupled with a shift to mobile computing platforms, means controlling data location and complying with privacy regulations is extremely challenging. As new regulations come to pass, they may put U.S. companies at an even greater disadvantage by adding to the confusion over the consequences of non-compliance. According to the latest draft of the GDPR, for example, any U.S. business involved in the processing of EU consumer data – whether directly or via third-party entity – can be held liable for a breach, resulting in fines of anywhere from $1.7 million up to 4 percent of a business’ global revenue, depending on where the data violations occurred.

cyber-security

Whether your data lies in the public, private or hybrid cloud – it needs to be constantly evaluated in order to truly assess risk potential,” said Simon Leech, chief technologist, Security, Hybrid IT at Hewlett Packard Enterprise. “The owner of the information is ultimately responsible, which is why it is vital for companies to establish a true culture of security at all levels within the business.

Businesses should be addressing potential data privacy violations now in order to make complying with new regulations easier. There are some approved mechanisms that can be put in place while the specifics are hammered out, such as:

  • Binding corporate rules (BCR) – BCR are a set of legally enforceable rules for the processing of personal data that ensure a high level of protection is applied when personal data is transferred between members of a corporate group. Once a set of BCR has been approved by the relevant national data protection authorities, they will ensure that adequate data privacy safeguards are in place to meet compliance.
  • Hiring a Chief Privacy Officer (CPO) With data privacy regulations like GDPR and EU-US Data Privacy Shield, companies that regularly handle sensitive data on a large scale or collect information on many customers should consider designating a data protection officer that can quickly make decisions based on the evolving regulatory landscape. The CPO will be responsible for all data protection matters on a day-to-day basis, and should be involved in vendor decisions that may handle PII.
  • Investing in the IT team – Let’s be clear: complying with these new data privacy regulations will be expensive. But the cost of non-compliance will be even greater, meaning IT teams will face more pressure than ever to protect data from breaches and unauthorized access – both from internal and external threats. Fines will be levied whether the transfer of data was intentional or accidental. Unfortunately, IT teams are woefully underprepared to comply with GDPR as it is.
  • End data hoarding Technology has made it increasingly cheaper and easier to store data that many businesses simply do so as a matter of course. But big data isn’t necessarily better data, and businesses should adopt a data-minimalist approach to ensure greater control and reduce risk.

Data privacy has become a global issue affecting all companies that operate internationally, particularly those that have adopted cloud technologies. Companies can continue using the cloud as long as they’ve put procedures and systems in place to ensure that EU citizen data resides in the country of record. This includes not only validating how any personal data is collected, stored, processed and shared, but also how the business can prove continuous compliance. Setting up local datacenters will help solve the location-focused burdens of the new regulations, but it’s not enough. Companies will still need to maintain control over the entire lifecycle of EU citizen data, as well as who has access to it and from where.

By Daren Glenister

Daren Glenister

Daren is the Field Chief Technology Officer for Intralinks. Daren serves as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements.

Glenister brings more than 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software, having worked with many Fortune 1000 companies to turn business challenges into real-world solutions.

View Website
Philips teams with HPE on ecosystem approach to improve healthcare informatics-driven outcomes

Philips teams with HPE on ecosystem approach to improve healthcare informatics-driven outcomes

The next BriefingsDirect healthcare transformation use-case discussion focuses on how an ecosystem approach to big data solutions brings about improved healthcare informatics-driven outcomes ...
Technology Influencer in Chief: 5 Steps to Success for Today’s CMOs

Technology Influencer in Chief: 5 Steps to Success for Today’s CMOs

Success for Today’s CMOs Being a CMO is an exhilarating experience - it's a lot like running a triathlon and ...
Resolving the Normalization of Deviance by Building a Culture of Communication

Resolving the Normalization of Deviance by Building a Culture of Communication

Building a Culture of Communication Real-time monitoring and corresponding alerts are critical for maintaining the performance and security of today’s ...
5 Ways the Cloud and IoT Have Transformed the Transportation Industry

5 Ways the Cloud and IoT Have Transformed the Transportation Industry

IoT Transportation Industry The Internet of Things has caused many industries to evolve - but few more than transportation. Here ...
The Smart Cloud - Microsoft Wants to Streamline AI Adoption

The Smart Cloud – Microsoft Wants to Streamline AI Adoption

Microsoft Streamline AI Adoption Artificial intelligence, or AI, has begun to see incorporation into more and more of the technologies ...
The Next Wave of Cloud Computing: Artificial Intelligence?

The Next Wave of Cloud Computing: Artificial Intelligence?

Cloud Computing and Artificial Intelligence Over the past few years, cloud computing has been evolving at a rapid rate. It ...
3 Major Concerns For Cloud Computing In 2017

3 Major Concerns For Cloud Computing In 2017

Cloud Computing Concerns With the rise of cloud computing, different concerns about adopting the cloud have arisen over the years ...
Do You Feel Lucky? Why Risk Losing Your Data?

Do You Feel Lucky? Why Risk Losing Your Data?

Why Risk Losing Your Data As your world goes increasingly digital, information and data are your family jewels. Protect them ...
Trading Routine: How To Track Suspicious Events In Different Locations

Trading Routine: How To Track Suspicious Events In Different Locations

Tracking Suspicious Events Financial security can be compared to a constant arms race between cyber criminals and businessmen who try to ...
Cloud Access Security Broker and the Cloud-based Business Role

Cloud Access Security Broker and the Cloud-based Business Role

Cloud Access Security Broker (CASB) Cloud is the new address for businesses nowadays. The number of applications, hosted on the ...