Partner Article

The challenges of data protection

The week of the 9th December saw collaboration between parties that many would have thought impossible or at least rare. The technology giants of the world – Facebook and Twitter, Apple and Microsoft, Google and Yahoo, alongside both AOL and LinkedIn – set aside their rivalries to write an open letter to President Obama and members of the US Congress asking for US reform on data policy. The revelations regarding NSA and GCHQ activity over the summer of 2013 have caused concern and unease amongst today’s highly digitised general public. With this in mind, it is interesting to note that the most vocal disputes so far have come from multinational companies, rather than any originating from specific organic public disapproval.

Considering this further, it is only natural that large companies, whose interests are in the information they hold, should be the ones to protest the loudest. The fourth point on the “Reform Government Surveillance” manifesto addresses this exact issue, stating that a global economy will only truly work when there is free flow of information.

The issues being contested are born out of a lack of transparency and understanding, partly stemming from the USA Patriot Act, which became law in 2001 and which was further extended in 2011. The act does not protect business records based in and transferred within the USA from access by US government agencies. This is the crux of the matter for the technology companies highlighted as these records are the foundation of their businesses; they wish to ensure the integrity of personal data they hold, and crucially it is this data that completes their business model in many respects – adding value to third parties in providing this information for advertising and marketing purposes. This raises an important issue for all companies in the global market. Business records contain key information, whether it is directly linked to revenue or not, and it is completely understandable that leaders of companies want this information to remain secure and confidential. Once an outside organisation becomes involved in viewing and assessing this data, can its integrity be assured? A general lack of awareness around this clause in the Patriot Act has meant that this is the question which technology companies and others hosting data are asking themselves, with the current outcry being a natural reaction to protect their and their clients crucial information assets. In an increasingly global marketplace, where data is frequently being stored for cross-border dissemination, this is a business consideration that cannot be overlooked.

This certainty over data security is something that European owned companies, in contrast, do have in place. The Data Protection Directive introduced by the EU, alongside recommendations from the Organisation for Economic Cooperation and Development, established a comprehensive data protection law for all member states. This law ensures that any client data physically stored within the confines of EU through a EU controlled company is protected. This makes the EU a preferable jurisdiction for European-based companies with private records, an initiative some feel should be replicated in the US. It is worth noting, however, that there are exceptions to this rule - EU companies with cloud-based storage or US companies with data held in the EU are not bound by the Data Protection Protection Directive.

This variation in the legislation can impact on the ability to provide secure storage and transfer of data. For Imprima’s particular focus in providing Virtual Data Rooms for secure client storage and transfer the specific details are essential. As a EU-based group, the Imprima VDR Platform is protected from third party access. This is also true if US based enterprises engage with us in accessing data hosted on behalf of a EU company, as those companies are bound by the US-EU Safe Harbor directive, ensuring US companies receiving EU data hold it as securely as it is held within its own jurisdiction.

According to many technology companies – including both Facebook and Twitter, a global consensus on data privacy is something that will benefit all immeasurably, allowing directives like the US-EU Safe Harbor directive and EU data protection act, to be replicated across the world. Thankfully for them, this is becoming ever more likely, as developing nations implement privacy measures. China has been the latest country to introduce legislation, with its announcement of the ‘Decision on Strengthening Internet Information’, a principle that has much the same powers as that of the EU’s Data Privacy Directive.

The US technology giants understand these geographical disparities and are simply frustrated with what they see as reduced protection for their data assets; they feel they can only vouch for the data protection levels put in place by their own efforts. As companies in today’s digitised world become ever more reliant on digital storage and transfer methods, this issue will become increasingly discussed and debated. 2014 is therefore set to be the year where data storage and transfer tops the agenda of the digital conversation, and business of all sizes and locations will require increased visibility on where they stand.

This was posted in Bdaily's Members' News section by Torgny Gunnarsson .