News & Media

Privacy and Data Protection – Where is my data?

Tweet about this on TwitterShare on LinkedIn0Share on Facebook0Share on Google+0Email this to someone

Many jurisdictions have laws that aim to control the handling and transmission of personal data – commonly the need to retain data sovereignty is either implicitly or explicitly defined in these and the need for control even when data may be held within the national boundaries by foreign firms is at least recognised.

We have seen this discussed with reference to personal data, but also in recent legal cases around US firms operating within other territories (including the European Union).

As we continue to operate as global businesses this problem won’t go away – legislation can impose requirements, but for multi-national companies or even small businesses who wish to make us of a third party, overseas cloud-based services the location and control over data is hard.

Sovereignty means not only have an idea as to where data is held, but who has access and control over it.  Post-PRISM, some countries and organisations have less faith in the protection of their information from foreign governments; but this hasn’t reduced the growth of (for example) cloud computing.  However, it has made organisations more circumspect around where data is and how to control it if the location (or hosting company) causes them concern.

This expands outside of the personal data/data protection space too – cloud based security and threat diagnostic solutions that gather information from customer systems and downstream networks to deliver back specific diagnostics or more general threat awareness have strong growth prospects, but understanding the way this data is used, protected and handled is going to be a concern for organisations and security teams – just as personal data has been for privacy officers and legal compliance functions.

If you have been attacked you probably do want external input to help understand and recover.  Despite this you might not want your internal system, vulnerability or exposure information to be completely public or out of your control.

Data sovereignty is certainly wider than just PII.

« Back to Huntsman News & Media Articles