The Importance Of Data Sovereignty For Cloud Users

There’s a dream of the cloud in which data flows freely around the globe, available anywhere, stored wherever is convenient, and detached from the normal concerns of information management. Technologically, companies don’t have to care about where their data is stored: it’s in the cloud and the cloud encourages users to be agnostic about which server, which data center, and even which country their data is housed in. But, legally and politically, the location of data matters a lot. Data sovereignty is a big concern for enterprise cloud users. For many, data is their business and the cloud has revolutionized the effectiveness with which that data can be used, including the ability to access it from anywhere in the world. But the political world is not as one where data is concerned. It’s a fractured landscape made up of national and supranational entities, each of which asserts its particular view of the nature of data, the rights that it and others have over data, how it should be kept, and particularly who can access it. Many governments assert that they have the right to seize data from the servers located in their territory. Some assert that they have the right to seize data wherever in the world it happens to be if the company that owns it falls under that government’s jurisdiction. The duties that companies have in the face of requests from governments vary widely—from states that give themselves limited powers of inspection, to those that give themselves vast and comprehensive powers of collection. Privacy and data security management laws can also differ considerably. The EU is extremely solicitous of the interests of its citizens where data is concerned, other nations are less so. It’s not so much that a particular nation is broadly unsuited as a location for data storage, and more that companies need to know where their data is so that they can be properly prepared to put processes in place to handle the specific regulatory burden. Knowledge is the key to managing data sovereignty. Data stored in Canada should be treated differently to data stored in the US, or in Europe, and damaging errors can be made if the company is mistaken about its location. Companies should ensure that their cloud provider can make guarantees about where their data is held to limit liability and enable them to properly plan for data management and for regulatory compliance. Image: Flickr/Jonathan Combe