Blog

3 Steps to Avoid Data Localization Penalties!

Thumbnail
Governments are increasingly policing data. Many want organizations to register databases that have personal information. A greater number will only permit the transmission of this data outside of national boundaries if certain safeguards are taken.

Don't Move that Data !

Governments are increasingly policing data. Many want organizations to register databases that have personal information. A greater number will only permit the transmission of this data outside of national boundaries if certain safeguards are taken.

Most notable is Privacy Shield, which governs the transmissions of Personal Data outside of the EU, to the US. A successor to Safe Harbor, which was struck down in European courts, Privacy Shield includes vehicles such as Standard Contractual Clauses and Binding Corporate Rules to govern data exchange. However, the European Parliament has identified deficiencies and has asked the European Commission to continue negotiations with the U.S. on resolving these shortcomings.

In addition to the European Union, other countries are also enacting legislation to protect citizens' data. Columbia's General Provisions for Personal Data Protection, prohibits the transfer of personal information to countries outside Colombia that do not provide an adequate level of data protection. Peru's Law for Personal Data Protection restricts cross-border transfers of personal data unless the importer of the data assumes the same obligations as the exporting organization. The Russian Data Localization Law governs organizations that collect data on Russian citizens or targets Russian citizens.

What can organizations do in this atmosphere of uncertainty?

While there is no silver bullet and we are probably looking at future legal challenges, organizations can take steps to reduce their risk.

  1. Be active in voicing concerns and keeping track of legislativechanges.
  2. Know where personal data exists that might be impacted by these rules. This involves inspecting, categorizing and tracking data that is used in transaction processing, analytical and software development environments.
  3. Anonymize or de-identify appropriate data to lessen the volume of data that may be subject to these types of rules. Based on typical organization profiles, this can lessen the amount of data in question by up to 80%.

Taking prudent steps to lessen risk is a cost effective way to ensure compliance with regulations and also provides a flexible framework from which to adapt to changes...

... which are certain to follow.

Joe Santangelo
Delphix Corp.
Joseph.Santangelo@delphix.com
+1-646-596-2670
@jisantangelo