Data Compliance Challenges for Geographically Dispersed Businesses
Companies may see business opportunities in diverse geographical areas, but with these opportunities come big challenges, and one often underestimated challenge is compliance of regulatory requirements for data.
The challenge comes from the fact that data compliance is neither uniform nor static. At last count, there are over 100,000 legal requirements relevant to multinational companies. Worse, the regulation landscape is constantly evolving and varies across markets.
One big misconception when it comes to data compliance is that laws vary only when the country changes. However, companies and data centers are often affected by multiple laws even when operating inside a single country. The best example is the United States, where every state has applicable data protection laws and regulations, which vary widely from one state to another. For example, a company operating in Kansas, and owning data on customers residing in Texas and California, needs to comply with the disclosure and breach mandates of all three states.
When it comes to offshore locations, data centers at remote locations need to deal with all these multiple regulations, as well as regulations of the host country. For instance, Singapore, a big data center hub, has its own set of data protection laws, and if the company as mentioned above stores its data there, the data center would need to comply with the relevant U.S. laws, state laws of Texas, California and Kansas and Singapore laws.
Many laws are restrictive in nature and contradict one another. For example, Europe’s financial regulator Commission de Surveillance du Secteur Financier (CSSF) prevents the transmission and storage of personally identifiable information (PII) of nationals outside their home country. Businesses and/or their data centers need to demonstrate the appropriate controls in place to comply with this legislation and that of the European Data Protection Act if they want to do business in places such as Switzerland, Luxembourg, Channel Islands and other countries where this law is applicable. Businesses wanting to take data to a remote location may, therefore, need to deploy an application that masks critical client-identifying data, besides ensuring cloud security and protection.
The problem is compounded by the fact that regulations are not static and keep changing day-by-day. A case in point is the recent amendment of breach notification and data protection laws by the state of California. Two new laws SOPIPA (SB 1177) and AB1710 regulate the use of student data and target data protection more broadly.
The only way organizations and data centers can keep up with such complex requirements is to be proactive with their data compliance requirements. They need to set up a comprehensive information security solution that delivers comprehensive protection across all data and supports compliance with regulatory standards and policy requirements. The solution needs built-in flexibility to apply different controls to data as requirements change or data moves from one location to another. Data centers should also adopt protection measures at the data level itself, over and above protecting infrastructure elements such as servers, databases, and networks.
At Lifeline Data Centers, we place a lot of importance on data center compliance, and we continue to educate and certify ourselves in order to remain compliant for all of our clients. To learn more about our compliant data center. schedule a tour with us today: