We've already established that data protection -- i.e., data privacy and data security -- are the primary compliance issues faced by companies that operate globally. But as attorney Janine Bowen indicated earlier this week, add cloud computing and virtualization into the mix and you add to the complexity exponentially.
If you'll recall, she said data protection was complicated for global companies because different countries have different requirements regarding keeping certain data private and secure. More specifically, she noted that most of the data privacy laws protect the rights of the people the data is about, not necessarily the companies that hold the data. She explained:
[Say a company has] some sort of new performance management system that is going to be globally run out of the Atlanta offices. They need to figure out how to get EU records over to Atlanta. That's when you have a problem because you've got to make sure that you get the right level of consent from the individuals whose data it is before you can move it around.
If you're storing data in the cloud, you don't want to care where data is or to whom it belongs; you just want to know "it's being handled," she said. And if you're using virtualization and the cloud... Bowen noted:Virtualization adds another layer of complexity [in that] you've got machines that are potentially being segmented and they're passing data among multiple machines in multiple geographies.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
And different data protection requirements in those "multiple geographies" are going to force you to care whose data it is, where that person lives and where the data is located.
Understandably, doing that is not easy, but it can happen. Bowen says a good place to start is making sure your processes meet the requirements in the jurisdictions that have "an enhanced level of protection" for data.