CIOs and IT managers should consider
privacy laws above cost when outsourcing data storage, says
international data protection consultancy
Privacy Laws & Business
(PL&B).
Stewart Dresner, chief executive of PL&B UK, said the least
expensive options may mean data is stored in countries like the US
where data privacy is not guaranteed or India where there is no
legal framework to support it.
"Where data is held is one of the biggest strategic questions
for IT managers," he said.
Security legislation in the US allows authorities access to any
data stored in the country, which has led the
Swift international financial messaging network to begin
building a new operational centre in Switzerland to ensure European
data is not accessible by the US authorities.
A Swift spokesman said the centre in Switzerland was part of
plans to create geographical network zones and would be paired with
an existing site in the Netherlands to create a European zone by
the end of 2009.
He said the new operating centre was also intended to increase
Swift's network resiliency and help increase the organisation's
capacity for processing financial transactions.
Swift was criticised by European countries when the organisation
was forced to give US authorities access to financial transactions
after the 9/11 attacks in September 2001.
Dresner said Swift's decision was an important one and likely to
set a trend that other organisations will follow.
In India, he said the lack of a legal framework to protect data
privacy means the outsourcing industry is governed only by a
self-regulated code of practice and data privacy is protected only
by the
terms of the outsourcing contract.
"In Europe, business organisations have the benefit of contract
terms as well as a legal framework, which is leading the world in
data protection," he said.
"It is a more secure environment where there are civil and
criminal penalties [enforcing data privacy]," he said
Similar data protection legislation exists in countries like
Canada, Australia, Hong Kong, New Zealand and Japan, but in many
other countries laws are weaker and offer less protection.
The need for businesses to take care over where they store data
is one of the topics to be addressed at PL&B's
annual
international data protection conference to be held in
Cambridge next week.
Speakers include Information Commissioner Richard Thomas, who
will talk about the role and powers of his office.
Dresner said other topics include balancing privacy and
commercial objectives in social networking communities, the
prospect of European data breach laws, integrating privacy
compliance into corporate culture, and fitting data protection law
into global risk management programmes.
Analysts sense storage SaaS trend >>