
Data Residency: Why is it necessary?

If your business collects sensitive customer data, there are many guidelines you must follow, including rules about where you store your customers’ data. Data residency, or where geographically you store sensitive data, can affect the laws your data is subject to, including taxation and privacy laws.

What is Data Residency? 

Data residency refers to the physical or geographic location of an organization’s data or information. Like data sovereignty, it also relates to the laws and regulatory requirements that apply to data because of the country or region in which it resides.

Organizations that use cloud computing store data in the country where the data originated or beyond its borders. However, when businesses deliver hosted services over the internet, they can create data residency concerns. Often, cloud computing customers are unaware of their data’s physical location. So, as cloud providers store data globally across different data center locations, users need to be aware of their data’s local residency laws and regulations.

To understand which data laws and regulations govern their data, users need to know where their cloud provider’s data centers are located and research the data residency policies for each respective location. Additionally, cloud users should make sure that their service-level agreements (SLAs) with cloud providers establish where their data can and cannot be stored.


 

Data Residency vs Data Sovereignty vs Data Localization 

Although the terms data residency, data sovereignty, and data localization are often used interchangeably in conversation, each means something different.

Data Residency is the specific location that data is stored in, not the legal obligations that ensue because of that location. Data residency can also be the act of managing where data is stored to take advantage of different tax laws or regulations.

Data Sovereignty, on the other hand, concerns the actions of the government of the country in which the data resides. Data sovereignty laws subject the data inside a country’s borders to the laws of that country.

This distinction is important for your company and customers. Storing your customers’ data in another country may give that government the right to access their data. The right to access your company’s data will differ from country to country. Certain countries have strict data sovereignty laws, so it is important to be aware of the potential ramifications of storing data internationally.

Data Localization refers to laws that require data created within certain borders to stay within them. Data localization protects both government and individual rights. Data localization laws ensure that individuals maintain the rights their country affords them for their personal data. Without data localization, the protections afforded to the individual the data belongs to could differ widely based on where your company stores its data. It also allows the country of origin to maintain authority over its citizens’ data.

If data needs to be used in two separate locations, there are still ways to satisfy data localization requirements. As a good rule of thumb, always keep a copy of sensitive data within the borders of the country of origin. However, keep in mind that some countries are particularly strict. India’s data localization laws, for example, have restrictive guidelines for the storage and transfer of citizens’ personal data.

Some Requirements

Data sovereignty and data localization can get complicated quickly. If you are worried about data residency compliance, keep the following guidelines in mind:

  • Understand where your sensitive data is created and stored.
  • If data is stored in multiple places, keep a copy of the original data stored in the country of its origin.
  • Use either an encryption or tokenization platform to secure data before transmitting it between jurisdictions.
  • Store encryption keys locally to keep sensitive data out of the hands of unwanted individuals or governments.
  • Keep your data backed up and ensure that those backups are securely stored.
  • If you store data in the cloud, understand how and where your data is stored.
  • Make sure that your cloud partner also follows all the privacy regulations you are subject to.
  • Understand which governments may have access to your data and what the laws of that country entitle the government access to.

To secure your data, you must also understand where it is stored and who has access to it. If you store data in multiple countries, be aware of the access those countries are entitled to. By tracking your data’s residency, you can understand the laws your data is subject to. This is key to maintaining compliance with both data sovereignty and privacy laws.
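The checklist above can be run as an automated audit over a data inventory. The following is an added example, not code from the original article: the region names, the inventory and the reading of "store encryption keys locally" as "key held in the country of origin" are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed mapping of hypothetical storage regions to country codes.
REGION_COUNTRY = {"in-west-1": "IN", "eu-central-1": "DE", "us-east-1": "US"}

@dataclass
class Dataset:
    name: str
    origin: str             # country where the data was created
    regions: list           # every region holding a copy, backups included
    encrypted: bool = False  # encrypted or tokenized before leaving origin
    key_region: str = ""     # region where the encryption key is held

def audit(ds):
    """Return the checklist findings for one dataset (empty list = clean)."""
    findings, countries = [], []
    for region in ds.regions:
        country = REGION_COUNTRY.get(region)
        if country is None:
            # Checklist: understand how and where your data is stored.
            findings.append(f"unknown location: {region}")
        else:
            countries.append(country)
    if ds.origin not in countries:
        findings.append("no copy in country of origin")
    foreign = sorted({c for c in countries if c != ds.origin})
    if foreign and not ds.encrypted:
        findings.append("unencrypted copy abroad: " + ",".join(foreign))
    # Assumption: "locally" means the key stays in the country of origin.
    if ds.encrypted and REGION_COUNTRY.get(ds.key_region) != ds.origin:
        findings.append("encryption key not held in country of origin")
    return findings

# Constructed sample inventory.
INVENTORY = [
    Dataset("customers_in", "IN", ["in-west-1", "us-east-1"], True, "in-west-1"),
    Dataset("billing_de", "DE", ["us-east-1"]),
    Dataset("support_us", "US", ["us-east-1", "eu-central-1"], True, "eu-central-1"),
    Dataset("logs_in", "IN", ["in-west-1", "ap-unknown-9"]),
]

def audit_all(inventory):
    return {ds.name: audit(ds) for ds in inventory}

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY).items():
        print(name, "->", findings or "OK")
```

In practice the inventory would come from a cloud provider's asset listing or a data catalogue, and the region map from the provider's published data center locations.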

 


How can businesses mitigate Data Residency risks?

Setting up dedicated servers inside countries with data-must-stay regulations is one approach, but far from an ideal one. Rader says: “It’s super expensive and you need on-prem resources, human resources. I don’t think anybody starting fresh is trying to approach it that way unless there’s some giant restriction associated with it.” On top of all that, the traditional “full-stack control” model has little to no impact on data security.

Amazon Web Services cites an example of a high-profile breach of a US government agency affecting more than 20 million federal employees that took place in an on-premises environment because of compromised user credentials. “Any system architecture lacking the appropriate security protections presents a credible attack vector, without regard for the physical location of the infrastructure or system,” the white paper concludes.

Conclusion

Data residency is an ever-evolving concept with varying national approaches. Although there is still debate on the necessity of such rules, jurisdictions are increasingly enacting laws and regulations leading to more complex regulatory frameworks. Notably, as a result of the ubiquitous nature of residency, organizations must consider their obligations and keep a watchful eye on changing rules.
