Going On-Prem?

  • BWFC (7/11/2016)


    rob.carter 79958 (7/11/2016)


    I'd echo the point about personal information, though I'm in a healthcare environment so it would be patient information that would be "cloudified" (I'm trademarking that).

    As I'm in the UK and much of the cloud infrastructure is based in the States, our Data Protection Act is a bit more stringent than that of the US (so I'm told by my Information Governance Manager) and our data would be subject to US law if it's held on a physical server in the USA. If Microsoft want to be pushing for online data storage as a norm, surely they would have to give assurances (and signatures) to say that they are happy to be prosecuted under the law of the country they rent space to before UK (or even European) companies look at this seriously.

    The NHS in the UK is extremely twitchy about cloud storage in general for this exact reason.

    I work for a multinational but I'm based in the Uk. The company as a whole is moving on to Google but as soon as our MD found there was a slight risk of PII being stored outside the EU, he dug his heels in and nixed it. We're staying with local systems and will be for the forseeable future. As David mentions though, it could be one of the largely unconsidered implications of Brexit. Much of the legality surrounding data protection is EU driven and if we're not covered by EU law who knows what could happen. I wouldn't be surprised to see some kind of data free-for-all as the protections are removed and companies swoop in to buy up the data.

    I don't think there's much chance of the regulations about security of PII being relaxed other than perhaps with respect to snooping by the security service and the intelligence service. So putting such data in the USA or even on a server own by a USA company or by a subsidiary of a USA comany if the US Government wins its case against Microsoft) will something every security professional will be strongly against, because they don't want their employer to be in breach of UK data protection law; and given that general advice about data on mobile computers is that no information that would be useful to your company's USA-based commercial competitors should ever be carried through USA immigration checks on such a device or on a separate drive together with such a device, even if password and encryption protection is used to secure it, I suspect that this is another set of data that the security people in a lot of companies concerned about possible commercial espionage will be extremely reluctant to place in the cloud where Americans might get at it even though non-PI data is not protected by law.

    Tom

  • I don't think that Brexit will affect anything to do with data protection. This is one area I expect UK law to remain aligned with EU legislation.

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!

Viewing 2 posts - 16 through 16 (of 16 total)

You must be logged in to reply to this topic. Login to reply