By
When it comes to the provenance of our data, there is thankfully a growing awareness among data professionals and organisations which rely on large volumes of data that how that data is stored, managed and regulated is vital.
That said, with the geopolitical climate unstable to say the least, and previously steadfast intergovernmental relationships seemingly more tumultuous than ever, it could well be time to review our data storage strategies, with particular reference to the sovereignty vs residency debate.
What do we mean by sovereignty and residency?
In the simplest of terms, data sovereignty refers to the legal authority a country has over data generated or processed within its borders, while data residency concerns the physical location where data is stored.
Our clients, associates and thought leaders in the data industry naturally grapple with issues of data residency when reviewing their data storage options. They’re looking at areas such as:
Business services: Depending on the locale, the data storage solutions globally perceived as best in class (in terms of price, service levels, trust) may well be physically headquartered and based abroad, leading many organisations opting to store data on foreign shores
Regulation Compliance: Organisations sometimes store data in a particular country purely to adhere to local laws which require ‘home’ storage, like GDPR in Europe.
Performance Optimisation: Storing data closer to users can improve speed and reduce latency – particularly important in industries relying on quick data-derived decision making
Corporate Strategy: Businesses might voluntarily choose a location to store their data to enhance trust with local customers – the perception might be that local storage is safer, or supports the local economy.
We sometimes find there is less awareness of data sovereignty: the principle that data physically stored within a country's borders is subject to the laws and jurisdiction of that particular country, regardless of who owns the data or where the company managing it is headquartered. There are several key implications of data sovereignty including:
Jurisdictional Control: Governments may have the right to access data stored on servers within their territory, even if the data belongs to foreign companies.
Legal Implications: This means that foreign-owned cloud services operating within a country must follow local rules (e.g. comply with in country law enforcement requests, regardless of how ethical those requests might appear to the international community).
Privacy and Security: Due to the possibility of ‘foreign interference’ and a feared lack of transparency around its potential scope, privacy, surveillance, and national security also become concerns.
Ongoing push and pull
Given their implications, understanding both data sovereignty and residency is crucial for businesses and organisations handling sensitive data.
The issues are essentially two sides of the same coin in terms of data management. We all have a duty to comply with the data laws of the countries where our data is stored and processed and failing to do so can result in severe financial penalties, legal repercussions, and poor user outcomes. On the flip side, at times the decisions we must make in order to comply with regulation could impact the ability to develop a resilient data infrastructure that’s connected rather than siloed and aligns with user expectations.
Should shifting geopolitics shape our data storage decisions?
The push and pull of the residency vs sovereignty debate is inevitably here to stay, but recent geopolitical developments could and should change how we think about our data storage from a UK perspective, particularly in reference to privacy and security as a primary aspect of data sovereignty.
Much has been made in the press in the last few weeks and months of a changing relationship with the US for example. Of course, the majority of global trusted cloud storage operators are based in the US, and I’d hazard a guess that many of us use their services. When weighing up potential issues arising from sovereignty as a result of foreign data residency, up until the beginning of this year, it's unlikely European data leaders would have thought twice about a US service provider, and arguably, we are quite some way off arriving at a need to find alternatives. That said, as data gate keepers, as our geopolitical relationships change, it could well be wise to fully review the options and consider all moving parts going forward.
What’s the solution?
There isn’t a one size fits all strategy here, but in my view we should all be thinking more about our data storage and looking towards portable cloud agnostic approaches which can be easily migrated, to ensure we stay nimble and remain ahead of the curve in terms of a changing political landscape.
For more information, or a general conversation about data storage, feel free to reach out to me to book a call.
