17 Dec Data Residency: What is it and why should your organization care?
Data Residency: What is it and
why should your organization care?
18 December 2020 · 4 min read
Within a short period of time, organizations charged through their digital transformation efforts to adapt to shifting work environments. Rapid deployment of technologies enhanced collaboration and productivity but also presented new compliance challenges.
Already, 41% of compliance leaders say that poorly implemented technology has resulted in enforcement investigations. And while organizations are just beginning to feel the privacy repercussions of their rushed deployments, a new challenge is lurking just around the corner: data residency.
Data residency is a set of practices related to the location of data and metadata, its movement across geographies and jurisdictions, and protection against unintended access. Avoiding data residency issues begins with data mapping, namely understanding what data you have and where it is located.
If your data is spread across locations, analysis of applicable laws and regulations pertaining to those locations along with associated risks is necessary. Basically, you need to proactively control your data locations, calculate risks, and take actions required to minimize unwanted data exposure and inappropriate access.
Data residency has similarities with privacy and cybersecurity compliance, but they are not quite the same.
Organizations could violate privacy while being compliant with data residency requirements.
If your organization holds data in one location only, you are not violating data residency requirements. But your data may still be vulnerable to inappropriate access if improperly secured. For example, a bank could hold data on–premises, but administrative personnel could access sensitive client financial data.
Organizations could violate data residency while being compliant with privacy regulations.
The opposite scenario could also hold. Your organization may store data in many locations and have necessary processes to comply with privacy requirements but may be subject to data residency issues. Suppose your data is located in a country with legislation allowing them to access sensitive data in case of disputes. If your organization has a tax dispute, country authorities may hold the right to access client financial data, exposing you to data residency problems.
A data residency issue arising from disputes with another country’s authorities is only the beginning. Similar problems may result from other instances such as:
- Data center consolidation. Large multinational organizations consolidating data centers from multiple countries into fewer locations.
- Cloud or Outsourcing services. Organizations using services from companies located in another country or migrating some services to the cloud.
- Inappropriate access. Organizations using business process outsourcing solutions or managed helpdesk solutions that allow persons from another country access to sensitive data.
- Business travel. Employees traveling for business purposes and carrying sensitive information on their phones or laptops across jurisdictions.
The risks are too high to be ignored and could results in loss of client trust or revenue, amongst others. Some of these risks are:
- Increased risks of cyberattacks from smaller data centers managed by less experienced teams.
- Difficulties in recovering data, especially in smaller countries with weaker business support infrastructure in case of country-wide unrest, natural disasters, etc.
- Penalties for violating laws and regulations in various countries.
- Inappropriate access to your clients’ sensitive data by foreign organizations or vendors
- Industrial spying from foreign governments or companies, and more.
Organizations need to balance their need for efficiency and competitiveness with data residency and privacy implications. Being too restrictive with keeping data in one or few locations could stifle innovation, but a liberal movement of data across jurisdictions is also risky. Taking the necessary steps and following a few best practices could help your organization boost your digital transformation efforts while mitigating data residency risks.
Stay tuned for Part II of this blog post on Best Practices for Mitigating Data Residency Risks.
How Prosperoware Helps
Prosperoware CAM is a SaaS digital transformation and governance platform for collaboration systems in the cloud and on-premises. It enables organizations to improve adoption, enhance processes around management of office documents, and reduce risks related to privacy & cybersecurity.
Key features of CAM for Office 365 are:
- Automatic provisioning of workspaces, Teams, Channels, and folders from Project Portfolio Management, CRM etc., or through human workflow using templates
- Rich, custom metadata for project or document context
- Unified directory for project location
- Provision internal & external users, manage permissions, and integrate with ethical wall systems
- Data Loss Prevention including activity monitoring and bulk security & metadata changes
- Set data disposition policies or apply litigation hold
To see CAM for Microsoft Teams in action, watch this 3-min ONLY demo video here.