Data location matters

August 30, 2007 at 9:45 pm 3 comments

Dale Olds in The physical location of data matters writes, “…it matters to me in real, tangible ways who runs the servers and where my data is stored ‑‑ and who is liable when there is a failure.”

From an international perspective, while this is of course true, there are bigger issues than just operational issues and liability.

For many non-Americans top of mind when they think about the physical location of their data is the USA Patriot Act. This law presents two particularly thorny issues regarding their data stored in the US.

First, the bar is set very low. US law enforcement agencies can access the data if they consider it relevant to their investigations. This is far easier to meet than the normal test of probable cause.

Second, if data is accessed in this manner, the data holder (the US-based vendor) is not allowed to tell the overseas data owner that their data has been accessed, even if the vendor is contractually bound to do so.

Both of these angles and more are well covered in a report from the Information & Privacy Commissioner of British Columbia, Canada (pdf, 1.29 MB). It was published in October 2004 but still remains relevant.

There is another angle for data location that is top of mind for organisations that outsource IT or back-office functions internationally. That’s privacy and protection of personal information from unauthorised access, especially from insiders of the vendor’s company.

NZ’s Privacy Commissioner recently gave a presentation that includes concerns for personal data held overseas.

It’s no wonder that most organisations prefer to keep their data onshore. Data location does indeed matter.


Entry filed under: Canada, government, NZ, personal_info, privacy, report, strategy, USA.

England: a bigger folly Wellington events coming up

3 Comments Add your own

  • 1. Bernard O'Brien  |  September 12, 2007 at 10:11 am

    I agree. With organisations enthusiastically promoting software as a service, how and where and under what conditions your data is stored and what provisions are made about its use or availability in case of service provider bankrupcy or acquisition becomes very important.
    Some may argue that the sheer size of the user base gives a “safety in numbers” assurance that their data will be safe.
    I would think that an ironclad contract specifying and guaranteeing custodial responsibilities and duties, especially if the provider gets into a “troubled” state in a business sense, binding on subsequent owners in multiple jurisdictions would be more important.

  • […] Data location does indeed matter. […]

  • 3. sandrar  |  September 11, 2009 at 9:36 am

    Hi! I was surfing and found your blog post… nice! I love your blog. 🙂 Cheers! Sandra. R.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.

Follow me on twitter

Error: Twitter did not respond. Please wait a few minutes and refresh this page.


%d bloggers like this: