Economic Implications of CISA and Sovereign Data Privacy

The European Union Data Protection Directive protects how personal information of EU citizens is collected, used, and retained. It prohibits the transfer of personal information to countries outside the EU that do not have similar standards and policies in place.

A ‘Safe Harbor’ agreement was negotiated between the US Department of Commerce and the EU to make it easier for US companies to comply with the Directive.

In October of this year, in an action brought before the European Court of JusticeMaxmillian Schrems v Data Protection Commissioner , (as well as general angst in the EU of NSA ‘wire-tapping’) that Safe Harbor was ‘struck-down’.

This was a bombshell for information technology firms that promote ‘data without borders’; i.e., the ability to store, and seamlessly access corporate data that includes personal information across the enterprise, wherever it may be.

Amazon Web Services and Microsoft Azure lost no time in announcing plans for new data centers in the EU to address this. Fortune Magazine reports that Microsoft went so far as to vest custodianship of its encryption keys with its partner Deutsche Telekom. It has opened opportunities for smaller, more nimble service providers that can ‘stand-up’ infrastructure ‘in country’; IntraLinks andSyncplicity are two such companies that deliver technology that address compliance issues related to sovereign personal information.

The strike-down of the EU Data Protection Safe Harbor reflects the growing distrust of US-based data custodians. It is not unreasonable to speculate on economic consequences of mis-informed actions of legislators in the name of national security, as you can read here Ferocious Opposition Not Enough To Stop CISA

In a letter appeal to President Obama on July 27, 2015, forty organizations and thirty individuals articulate how CISA will actually make us less safe; Read Her

About Don

Former VP/GM, Enterprise Application Development in several NASDAQ companies Partner Engagement Manager (Kforce, Inc.); development / deployment of Guest Experience Platform (Carnival Cruise Line) Chief Information Security Officer (CISO) Certification - Carnegie Mellon CIO Institute Certified Information Systems Security Professional (CISSP) Masters, Professional Studies, Georgetown University
This entry was posted in Cyber Risk. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s