A growing utilization of distributed computing resources across the globe, with data being regularly moved from country to country, causes a concern for the data owners that their data and the mechanisms of its movement may violate various international, national or local laws and regulations or expose such data to unintended access. These issues are collectively known as data residency.
Contents
- Types of Data Posing Residency Issues
- Residency Sovereignty Privacy and Security
- Potential Consequences of Data Residency Violations
- Examples of Data Residency Issues
- Approaches to Resolving Data Residency Issues
- References
This subject is broader than just the protection of personally identifiable information (PII). It also concerns the right to move "sovereign" data, such as oil field data; the international licensing of genomics data; the distribution of bio metric data for security purposes; etc.
The growth of cloud computing solutions has heightened the concern of data custodians about the location of their data. However, even organizations that do not use cloud solutions are often exposed to data residency issues.
Types of Data Posing Residency Issues
The list of information that definitely or potentially poses data residency issues is rapidly growing due to the evolution of legislation around the world, and a rising awareness of the value of information about national resources around the world. The following list is therefore only a start:
Residency, Sovereignty, Privacy and Security
One of the few comprehensive computer, internet and data security guides to deal with the subject of mass surveillance techniques and data residency is Gunnar's Basic Internet Security Guide released in 2015 and provided to governments, corporations and the community free of charge. The guide was a direct response to Snowden's evidence of ongoing mass surveillance being conducted in part through the Internet. The book touches upon several aspects of data residency, sovereignty and security, including:
Potential Consequences of Data Residency Violations
Violations of data residency regulations, whether intentional or accidental, can expose the custodian of the data to:
Examples of Data Residency Issues
(to be completed)
Approaches to Resolving Data Residency Issues
In June 2015, the Object Management Group (OMG) created a Data Residency Working Group to explore how OMG can help address the issues through the development of new standards, for example to represent metadata about data sensitivity or residency constraints.
The European Union (EU) has some of the strictest privacy regulations in the world. All EU members state are required to have and maintain their own inclusive privacy laws that protect individual rights against information collection and processing by the government and private entities. The EU has implemented momentous data privacy laws since 1995 when the Data Protection Directive became law. In April of 2016, the EU adopted the General Data Protection Regulation (GDPR), four years after its proposal.
(to be completed)