I have finally been published on my employer’s web site blog. The article, Conflicting Data Requirements: Privacy versus Transparency looks at the countervailing tendencies by governments legislating for citizen privacy and tax transparency. The article concludes with a series of technical challenges to meet the needs of both political initiatives. The article was syndicated on the Tabb Forum, and you can read that here. The article was originally provoked by a Gartner Press Release which suggests that location and the need for specific jurisdictional compliance will reduce as costs and constraints over time. I don’t agree, the location of data, cross border transfers and compliance is a problem that will be with us for a while, and IT systems architects need to design to solve both dimensions.
The article went through a number of revisions, and I had originally written of the current court case going on in the USA; the FBI vs. Microsoft where the FBI are attempting to obtain confidential data from an Irish located server without a warrant or subpoena. The Register follows this story and reports that other US technology companies are joining Microsoft in the case. This case is important since it will determine the powers of US Law enforcement to utilise US companies’ IT systems without judge issued warrants, without invoking mutual assistance agreements and outside the context of the transnational treaties explored in my blog article. Depending on the outcome, European companies may need to review their data protection compliance policies as they apply to cross border transfers and transnational outsourcing.
Shortly after publication, an article, with the snappy and economic title, Shadow IT use makes location of cloud-stored data important for data protection compliance, says cloud security supplier was published at Out-Law.com. This article reinforces the concern that compliance obligations will inhibit cross border data transfers. They have an interesting and in my opinion over simple classification of privacy laws which builds on the ideas I originally developed, although didn’t publish at my previous employer, that you can’t transfer data from high privacy jurisdictions to lower privacy ones. Since Out-Law.com are lawyers, they highlight that the single European legal regulations allow for extra-jurisdiction protection thorough legal contract. i.e. suppliers can contract/agree to take “adequate custodial measures”. I didn’t mention this in my article, but then we’re not lawyers.
Back dated to the date of publication, the featured picture is mine and these words are exceptionally similar to a linkedin blog post I made on the 4th November.