With the ruling that Safe Harbour, the data-sharing agreement between the EU and the US, is not valid, there is a question about the safety of data passing between the US and UK. And with data security a growing issue, what impact will it have on where you should store your data?
What Does the Safe Harbour Ruling Mean for Data Security?
October 2015 saw the ruling that Safe Harbour, an agreement that had been in place for 15 years, was not legal. The demise of this agreement means that transferring data between the EU and the US is not as safe as it once was, and UK organisations can’t be as confident that they will be protected by European privacy laws. There are ongoing negotiations regarding the privacy of data across the Atlantic, with the potential for a ‘Privacy Shield’ deal. However, as it stands, EU law does not allow the movement of its inhabitants’ data outside of the EU unless it is being transferred to somewhere with equivalent privacy protection. This raises the question for UK businesses as to whether their data is secure if it is stored in the US or anywhere else outside the EU.
For most businesses, storing their data in-house is neither practical nor desirable, as it involves specialised skills and 24/7 monitoring to handle such large amounts of data. Therefore it often makes sense to outsource this task to reputable cloud service providers that specialise in securely storing large amounts of data.
In the wake of the demise of Safe Harbour, and with ongoing concerns regarding data security, it is anticipated that UK businesses will start to show a preference for storing their data as close to home as possible, or at least within areas governed by EU law. With this in mind, heavy-weight cloud providers Microsoft plan to open at least two data centres for Office and Azure in the UK this year, on top of the centres already established in the Netherlands and Ireland. This is a continuing trend, with major cloud providers IBM, Google and Amazon also building data centres in Europe as businesses insist on their data remaining within the EU. IBM now has cloud centres in Amsterdam, London and Paris and has plans to build another 14 within the EU to grow its data security services. This planned growth will increasingly give European businesses the option to store their data within their own country, not just within the EU
What Should UK Businesses Do Now?
It’s essential that UK organisations now audit their security arrangements and think carefully about their options in terms of data storage. Businesses which until now have stored data in the US, either by choice or unknowingly as a result of their cloud providers’ arrangements, may wish to review this decision and consider alternatives within the EU.
Data security is an ongoing issue, with online crime costing the UK a massive £27 billion a year. Better protection of company data could make a huge dent in this figure. With new options emerging in online data storage in the UK, more local data storage could be the way to get there. And in addition to the security benefits, there are also other advantages to storing your data close to home. It can be accessed more far more easily, and should the worst happen, any outages can be spotted and reacted to swiftly, limiting disruption to the business.
It seems that even prior to the ruling on Safe Harbour, the major players in cloud services were listening to businesses and putting in place the options to keep data within the EU. The issues brought about by online data storage and its security are ongoing and complex, and confidence in the cloud providers’ ability to keep data private is key – staying local appears to be part of that.