Datacenter Location and International Borders
Where is the datacenter?
New lean mobile app or Internet of Things (IoT) developers looking to store their customer data in the cloud have several options to manage growth while keeping costs low. Historically, developers leased physical servers in a datacenter that dedicated actual servers with fixed storage. The on-premises datacenter belonged to the firm, as did all of the data stored on it.
With today’s cloud computing options, such as Microsoft Azure and Amazon Web Services, where your data resides is not transparent: your managed data may shift from a datacenter in one region of the country to another, depending on the cloud provider’s performance needs and server maintenance. This high availability and data flexibility create new problems when data may move from one country to another.
Are you serving your country?
Government regulations may dictate where you may store your company’s data. You must first consider: is your data sensitive? Are your clients members of government entities? If so, legislation may dictate whether or not your data can leave their nation’s soil.
Data requirements may affect applications that contain unclassified government data. When designing an application that serves both businesses and governments, companies may need to choose cloud providers or services that will guarantee the data’s location.
How’s your heart rate?
Some applications or IoT services (such as pedometers, heart rate monitors, weight trackers) may fall under the category of Personal Health Information, or PHI. These categories can have separate legislation that requires encryption for data at rest as well as in transit.
HIPAA, or the Health Insurance Portability and Accountability Act, is United States legislation enacted in 1996 to protect PHI for U.S. residents. Depending on your data, you may need specific technologies to protect your clients’ information as well as limit your liability.
Expanding into Europe?
If you have European residents using your device or application, be sure to consider the EU GDPR. The European Union General Data Protection Regulation protects EU citizens and visitors alike. Similar to HIPAA, GDPR protects data privacy for all data users on EU soil. From privacy notices to the “right to be forgotten,” GDPR gives “people more control over their data.”
What should you do?
First, collect all of the metadata about your data. Whose data is it? What data is it? Where are the clients and where is the content? This information will be critical to identify all liabilities to both your customers and your investors.
Secondly, find a cyber / data / privacy attorney to review this information so that you are best protected. Once you’ve identified your requirements, your cloud provider or CIO will guide you to your required solutions.