Many organizations are concerned about their data privacy, and rightfully so.
In response to 9/11, the U.S. government created the Patriot Act, giving its agencies access not only to your personal data but to all organizations' data that meets the requirements set out by the Act.
Your organization may not be concerned with the U.S. having access to your data, but your clients might be. To keep your clients happy, your organization must understand the Patriot Act and how it affects your data and privacy.
The Patriot Act
The U.S. has access both to any data held within its borders and to all data of companies that operate within the U.S. This means escaping the reach of the Patriot Act isn’t easy.
"You have to fence yourself off and make sure that neither you nor your cloud service provider has any operations in the United States, otherwise you’re vulnerable to U.S. jurisdiction," explains Alex Lakatos, a partner and cross-border litigation expert at Mayer Brown. Few large IT customers or cloud providers fit that description in today's global business environment.
Is Your Data Really Where You Think It Is?
Just because your organization is in Australia and your service provider also has a data center in Australia does not mean your data is in that data center. Many organizations have been surprised to find out that their data is in a data center outside of their country or jurisdiction. Your organization should have a conversation with your service provider concerning where your data will be stored and include this information in your contract or SLA. The U.S. isn’t the only country with data surveillance laws. The United Kingdom has recently passed the Investigatory Powers Act, giving security services in the UK permission to use a wide range of tools for surveillance and hacking. Knowing the laws of the country your data resides in is paramount to protecting your organization’s and your clients’ data.
Working with a Cloud Provider
To protect your data from being accessible via the Patriot Act, your organization must maintain all operations outside of the U.S. and use a cloud provider that operates and stores your data outside of the U.S.
It is best to speak with your service provider about your data concerns. Ask about their data sovereignty and find out if they fall under the Patriot Act. If your organization has concerns about your data being accessed, consult your service provider and include in your contract or Service Level Agreement (SLA) a clause pertaining to how the provider must respond to government requests for data.
In the Bahamas, where Cloud Carib is headquartered, access to data is governed by the Data Protection Act, which provides a statutory framework for the collection, use and disclosure of personal information largely based upon the OECD’s Privacy Guidelines. Cloud Carib does not fall under the jurisdiction of the Patriot Act and boasts strict data protection laws.