Data Residency, Sovereignty and the Safe Harbor Sham

This past Tuesday it was announced that the American ‘Safe Harbor’ compliance has been ruled invalid by the EU’s highest courts – a ruling that is unappealable. Safe Harbor was the standard for data privacy in the US as well as Europe, but was shot down after it was proven that European data stored by American companies could be accessed and surveilled by spy agencies like the NSA.

This is the second high profile, precedent setting case where data residency has been a majorly concerning subject matter. Last year, Microsoft was ordered to hand over data residing in an Irish data centre. It was determined in court that US cloud computing companies, like Microsoft Google and Amazon Web Services, must turn over private information when served with a valid search warrant from US law enforcement agencies, even if that data resides in data centres outside of the US.

We feel that this is an extremely relevant piece of news for our customer base considering that many of our users have data residency concerns.

Here are two main considerations for keeping your data out of reach of wondering eyes:

Be responsible for your own data

Don’t get swept up by with SOC 2 or Tier III data centre certifications, or more concerningly, “self-certify” programs such as Safe Harbour. While they do provide an independent review of processes and best practices for running data centre facilities, they do not always cover measures for protecting private tenant data for a self service cloud provider. It is important that users take responsibility for their own data, where it is located and how it is secured. To protect yourself from prying eyes, use strong encryption wherever possible, especially if data is being transferred over the internet.

Learn about your cloud service provider

Canadian data residency is one thing, but this week’s news proves that the ownership of a cloud service provider is as important as where the data resides.  Ask questions like:

  • Which country is the data stored in?
  • Which country is the business headquarters of the cloud service provider?
  • Which jurisdiction covers the user agreement between you and the cloud service provider?

One red flag to look out for is if a company is unwilling to answer these questions for you. At Cloud-A, we have an easy time answering these questions for our customers. We are a 100% Canadian owned and Operated company, headquartered in Halifax, NS. All of our data resides within Canadian boarders, and we have direct connectivity to Europe and the UK via trans-Atlantic cables, meaning that your overseas customers’ data never touches American soil

Want more info? Ask us!

As a company that originally set out to provide true cloud to Canadians with concerns over data residency and sovereignty, we are dedicated to providing users with all of the information they need to ensure that their data is safe from prying eyes.