The aftershock of Edward Snowden’s National Security Agency (NSA) revelations are still being felt. The ‘Snowden Effect’ — as it’s often named — is very real, and is evident in recent cases like Austrian Max Schrems’ suit against Facebook, which marked the death of Safe Harbor. However, the attempts of legislators to lock down personally identifiable information (PII) to protect citizens in different countries is now causing friction with the premise behind cloud computing: everywhere data.
Now, businesses globally are feeling protective over where their data is stored. It is an emotional response to a legal problem. Recently, Intralinks® commissioned global analyst house Ovum to discover how global businesses are reacting to upcoming data privacy regulations, given that the legal landscape is set to change. Overall, the attitudes of global businesses are negative towards the U.S., most of which is likely to be fueled by Snowden. Rather surprisingly, of 20 industrialized economies, the U.S. was deemed the least trustworthy for accessing information without permission, with China second and Russia coming in third.
New regulations in Europe are also placing U.S. businesses at a disadvantage. Ovum’s research revealed that 85% of U.S. respondents believe that the proposed European Union (EU) General Data Protection Regulation (GDPR) will favor European-based businesses, and 71% of U.S. respondents feel it will dramatically increase the costs of doing business in, or with, EU states.
Clearly U.S. businesses see themselves as vulnerable when faced with changing data privacy regulations. But, inevitably they will face different laws and regulations in many countries within which they intend to do business, and this requires a strategy lead by a core executive team responsible for establishing corporate controls, policies, and procedures for maintaining compliance.
To start off this process, businesses must conduct privacy-risk assessments. The first step is to categorize information and apply this to existing business processes. Businesses must learn to become flexible as more regulations arise, altering procedures to meet pertinent demands. They also need to educate the workforces on the importance of data sovereignty and data privacy, and introduce technology to protect sensitive information. It is crucial that organizations work with savvy vendors prepared to support a global data privacy strategy, as laws can vary from country to country.
Although the global business community believes the odds are stacked against the U.S., its businesses now have the opportunity to substantiate their data privacy strategies in the face of more regulations. Cloud usage is inevitable. Data is everywhere. Planning ahead is critical to ensure success.