
DATA SOVEREIGNTY

India is following Russia and others in imposing data sovereignty restrictions that specify that data must remain in country. Meanwhile the European Parliament has called for the suspension of Privacy Shield from 1st September. How should ethical, customer-centric organisations respond?

India is just the latest in a number of countries to seek to implement policies that impose data sovereignty restrictions on the storage of data. It joins Russia and others in specifying that data must remain in country. The emergence of such islands of data sovereignty comes just as the future of one of the main international data sharing frameworks comes into question.

A storm is on the horizon: the current status of Privacy Shield, the data sharing framework between the EU and the US, is being called into question. Many organisations use it to demonstrate adequate levels of personal data protection, which permits the transfer of such data between the EU and the US.

Privacy Shield was adopted in July 2016 as a replacement for Safe Harbor. In a 2015 decision by the European Court of Justice, Safe Harbor was determined to provide inadequate privacy protection.

The EU and US authorities then hurriedly introduced Privacy Shield as a replacement legal framework. Under the Privacy Shield certification process, companies must self-certify their commitment to compliance with the Privacy Shield requirements. Oversight has been somewhat more rigorous in the EU, where privacy is seen as a human right, than in the US, where there has been minimal commitment to enforcing the framework.

A number of major issues have been identified, including:

  • Examples of major abuse: The Facebook / Cambridge Analytica scandal exposed ongoing abuses of the framework’s provisions that had not been addressed at all by US authorities (Facebook was certified under Privacy Shield).
  • Inadequate Oversight and Redress: The EU had been grumbling about the lack of a permanent, highly-qualified person in the role of ombudsperson. This was even before it was announced that Judith Garber, who had been acting in a temporary capacity as ombudsperson for Privacy Shield, would be the next U.S. ambassador to Cyprus. No replacement, temporary or permanent, has yet been announced for the ombudsperson role.
  • Legislative Conflict: The original certification framework was based on the now defunct EU directive 95/46, which has since been replaced by GDPR. At the same time the US has recently reauthorized FISA provisions that allow for the collection of non-U.S. individuals’ personal data by U.S. intelligence agencies, and has also introduced the CLOUD Act, which eliminates protection for data stored overseas and gives firms that operate in the US no legal recourse to withhold data from the NSA and other law enforcement bodies. GDPR, FISA and the CLOUD Act are not only yet to be reflected in the Privacy Shield framework, but are also seen as being incompatible with one another, making their incorporation problematic.

Such concerns have led European privacy organizations and agencies to call for the suspension and/or outright revocation of Privacy Shield. Similar concerns and challenges have been levelled against the “Standard Contractual Clauses”, which are another mechanism to ensure the compliant transfer of EU personal data out of the EEA to jurisdictions that the European Commission has not deemed to be “adequate”.

The continuing legal uncertainty about transferring personal data out of the EU has led many global companies, in particular those from the US, to establish data processing and storage capabilities within the EU, and in some cases specifically within the UK.

This enables the global giants to avoid the data transfer issues, but does not in itself address concerns about data jurisdiction. Foreign sovereign powers can and do demand access to data if the company holding that data is subject to the foreign jurisdiction. In the absence of any specific agreements between the EU and US about these kinds of data transfers, question marks remain over GDPR compliance, and there are further serious implications for Privacy Shield’s future.

How should ethical, customer-centric organisations respond?

All organisations operating in the EU and holding or processing personal data will need to actively continue their efforts to achieve (and maintain) GDPR compliance. Those that also transfer data across the Atlantic and currently rely on Privacy Shield to demonstrate adequate data transfer protections will also need to monitor developments regarding Privacy Shield and consider additional and alternative methods of demonstrating compliance. Those organisations that pride themselves on being particularly ethical and customer-centric may want to take further provisions, such as ensuring data sovereignty for all personal data.

Example: the NHS in the UK

Guidance from NHS Digital on the off-shoring and the use of public cloud services states that:

NHS and Social care providers may use cloud computing services for NHS data. Data must only be hosted within the European Economic Area (EEA), a country deemed adequate by the European Commission, or in the US where covered by Privacy Shield.

With the risks of revocation or suspension of Privacy Shield now escalating, reliance on Privacy Shield alone is inadvisable. Trusts could consider the use of the EU Standard Contractual Clauses, although these are also being challenged in the European courts, or prepare for whatever other methods are approved by the EU regulatory authorities following the Privacy Shield review. A more certain (risk-free) course of action would be to opt for complete data sovereignty for patient data by retaining the data in the UK and using a UK-based service provider for these workloads.

Firms that operate in the US are subject to US law, including FISA and the CLOUD Act, neither of which will easily be incorporated into the next version of Privacy Shield. While they can offer a level of data residency (offering to keep your data in the UK), the CLOUD Act eliminates protection for data stored overseas, and provides them with no legal recourse to withhold data from the NSA and other US law enforcement bodies, meaning that they cannot guarantee data sovereignty.

Recent research by the Corsham Institute highlighted increasing patient awareness of data privacy issues with a growing public desire for more information on data storage in the NHS. 88% of adults said that it is important to know where and how their patient data is stored and 80% said that it is important to know whether patient data is hosted by companies whose headquarters are outside of the UK.

While public confidence in the NHS is currently high, the significant increase in privacy awareness means that there’s a real risk that any incidents, such as a repeat of the WannaCry malware, could expose weaknesses in sovereignty, efficiency and data security, leading to a potential patient backlash. Further details of the Corsham Institute research can be found here.

With many Trusts already opting to ensure data sovereignty by placing patient data and workloads with UK-based cloud service providers, there is no reason that other Trusts should not follow suit. After all there is no real need to move patient data off shore or to use foreign service providers, no real need for trusts to expose themselves to risks relating to the potential revocation or suspension of Privacy Shield and no real need to expose themselves to a potential patient backlash in the event of future incidents.

What does this mean for customer-centric organisations in other locations?

Well it might also be wise to follow the example of these Trusts and accelerate their move to the cloud in order to enhance operational efficiency, but do so without neglecting data sovereignty. If there is no real need to move private data off shore or store it with foreign firms, then why do so?

By Bill Mew

Bill Mew is Cloud Strategist for UKCloud and a top global influencer on a range of technology issues from Privacy (GDPR) and Cloud, to OpenStack and Govtech.
