
How will the 'Cloud' survive without the 'Safe Harbor'?

The European Court of Justice delivered a judgement in a particular case in 2015, which sent a very strong message that safe harbor alone was inadequate to ensure the protection of personal data.


Safe harbor is the agreement between the United States Department of Commerce and the European Union (EU) that regulates the way US companies could store and process the 'personal data' of European citizens. This framework, developed in the year 2000, is used by buyers and suppliers to mutually accept the level of data protection required. When buyer organisations procure Cloud Services, more often than not their data (including personal data) are stored and/or processed in data centres managed by the service provider. These facilities could be physically located in any geography depending on the provider's own data storage strategy.

At the end of 2015, the European Court of Justice delivered a judgement in a particular case which sent a very strong message that safe harbor alone was inadequate to ensure the protection of personal data.

What will happen now?

  • Cloud service providers will revisit their service delivery strategy for EU customers. Large-scale providers such as AWS already allow the buyers to choose the physical data storage location.

  • Some Cloud suppliers will decide to invest in data centres in the EU region. This will impact the cost of their service.

  • Each of the 20+ EU countries can now formulate their own requirements to protect data that is transferred outside the region. Administration of the same would be highly complex at the supplier end and may increase the cost of their offerings.

  • Buyer organisations will have a smaller pool of suppliers to choose from. They may even have to bring some of the services back in-house. This will have an adverse effect on their capital & recurrent IT budgets.

  • The European Commission and the United States will agree on a new framework. The initial statement of this 'EU-US Privacy Shield' was released in February this year.

  • Cloud suppliers will work towards getting non-geography specific accreditations such as ISO 27018 (protection of personally identifiable information in public clouds).

Though the context of this issue seems to be limited to the US and the EU region, the data protection principles that have come into the limelight as a result are universal. The recent judgement does not completely invalidate the safe harbor framework that had been operating for 15 years. It merely questions the adequacy of the same. In my opinion, this recent development only challenges both supplier and buyer organisations positively to be extra vigilant on where & how they store data.

What is your opinion?
