This post is the eighth in a series addressing concerns organizations may have that prevent them from moving the cloud-based solutions.
Cloud computing is global and a growing number of cloud solution providers are global as well. Data stored in the cloud can end up in data centers in other countries and jurisdictions with differing laws and level of privacy protection. In addition, organizations may be subject to laws or regulations that restrict data from being stored across national boundaries or in other jurisdictions.
Some risk exists in national or local laws related to data privacy and ownership.
Learn Before You Leap
Before signing on with a cloud provider, ask the questions about where data is stored and how the provider is protecting your data from foreign governments and other interests. Review all contracts, agreements, and vendor policy statements to ensure they are consistent with the message you hear from the sales team.
Look for adherence to privacy standards based on international treaties, such as Safe Harbor and EU Safe Harbor. While these programs cannot eliminate all risk, they do set reliable standards and ensure the vendor has a process for managing any issues that arise.
Explore options with your vendor. Many cloud vendors allow customers to select specific data centers in which their systems will run and/or data resides.
Seek out some knowledge about the privacy laws and regulations in the countries in which your data may reside (many Canadian firms, for example, see the US Patriot Act as a risk when data resides in the US).
With a small amount of due diligence, organizations can judge the vendor’s competency in managing data privacy and ownership across boundaries, and can ensure the cloud solution meets the organization’s needs above all.
Next Post in the Series: Coming Monday June 10th
Previous Post in the Series: Regulatory Compliance