Data privacy and security in the post-Snowden era

Table of Contents

  1. Summary
  2. Situational analysis
  3. Governments protect and threaten customer data privacy
  4. Iceland is a data haven
  5. Conclusion and key takeaways
  6. Appendix: security checklist for selecting data-center services
  7. About Matt Sarrel

1. Summary

Recent revelations of spying by the U.S. National Security Agency (N.S.A.) as well as by the U.K. and French governments indicate that not every cloud is safe and secure. As companies consider shifting data to the cloud, especially those from countries with strict regulations governing sensitive data, this is not just a security issue. They must find a geographic location that is legally viable for compliance within their country’s data protection laws. Iceland, through the combination of the Icelandic Modern Media Initiative (IMMI) regulations and status as an European Economic Area (E.E.A.) state, is uniquely positioned as a data privacy haven. E.U. companies that are serious about protecting corporate intellectual property and customer data should evaluate cloud-hosting providers located there.

Key findings in this report include:

  • Legal data exposure as a result of the U.S. Patriot Act combined with illegal data exposure as a result of N.S.A. spying has created a legal environment in which E.U. companies can no longer consider hosting customer data and corporate intellectual property at U.S. cloud providers that are located within the U.S. or in other geographies with weak user privacy laws beyond U.S. borders.
  • Countries within the E.U., such as the U.K. and France, are also guilty of unauthorized data access and spying and are therefore inappropriate countries to host data.
  • Companies headquartered in the E.U. are required under Directive 95/46/EU to protect sensitive customer data, which they cannot accomplish in the environments created by the U.S. Patriot Act and government spying.
  • Iceland, with its IMMI regulations and status as an E.E.A. state, is one of the few choices for hosting cloud-based data in compliance with Directive 95/46/EU.

 

 

Thumbnail image courtesy of: iStock/Thinkstock.

Full content available to GigaOm Subscribers.

Sign Up For Free