A growing criticism against Google and amazon in particular is they will not disclose the location of their servers where your data may be stored. Ergo, customers could run afoul of many country laws around data location.
I can see regulators in small towns who have never left their county continue to fuss over data location, but I am surprised folks in IT who travel widely, change SIM cards when they land overseas, may be even have investments in foreign stocks and offshore bank accounts still continue to defend the need for precise data location information.
I am with Lew Tucker of Sun when he says “"It really is who has access to these bits that is the really critical question, not the locale where they reside in"
If I was a regulator I would focus on 2 things
- Look to attract the massive new data centers that will support clouds – get IBM and HP and Google and amazon to bring them to my backyard
- I would look at the mess we have around data privacy issues. As Forbes says “”More than 300 privacy-related laws are on the books, in both Washington, D.C. and state capitals. Privacy-related consulting services provided by law and accounting firms are a $500-million-a-year business and have been growing at double digits. Expenses inside companies for privacy compliance easily run into the billions” Trust me, we have had data location laws on the books for a while and that has not helped data privacy a whole lot…
Readers?
While I agree that location is not critical for everyone, it is for some. For example, those trying to gain some level of protection for their data from inspection under the Patriot Act might want only offshore data centers. UK government rules require that some types of sensitive data, such as required during e-discovery, not leave the country or be placed only in approved safe havens, and so forth. Control over the physical location of data will not be a guarantee of privacy, but it could help.
Posted by: Michael Osterman | June 17, 2009 at 05:27 PM
Michael, of course...but so many countries/local authorities just blindly enacted data location rules..they should instead salivate at what Oregon has done to attract Google, MS and other DCs...
Posted by: vinnie mirchandani | June 17, 2009 at 08:47 PM
Just to echo your comments, in one of my prior companies we had to locate a data center in a certain European country to meet the demands of an early and important enterprise customer in order to have their data "local". While worth it for the traction, a lot of marginal expense for one customer.
As others noted, aside from the location regs the various privacy regimes are confusing and contradictory, making it near impossible for global enterprises to stay truly in compliance. At the same time, we have enterprises and government entities allowing personally identifiable information (PII) and other critical data walking around, unencrypted on laptops, so these organizations have a long way to go to meet the spirit of the privacy regulations. While there are technology components, many of the key gaps continue to be people and procedures.
For one group that tries to help organizations with privacy issues, see the IAPP site at www.privacyassociation.org
Posted by: Roger Bottum | June 22, 2009 at 08:19 AM
With all the protection that we need to incorporate ( compliance with regulatory laws across jurisdictions, data locale restrictions and so on), will the cloud still prove to be a cost-effective option as is being hyped?
Posted by: Smita | August 05, 2009 at 03:04 AM
The location of data is of critical importance to Europeans. There are a number of pieces of legislation in place in both the UK, in particular, and Europe in general. These can involve unlimited fines. For UK Data Protection Officers there is actually no excuse in Law for not knowing. If a vendor refuses to divulge "where" data is located then that is a disincentive to invest. It is not about "attracting" businesses with data location obfustication practices.
The bottom line is that corporations obscure the location of data because they suppose it gives a competitive advantage. This is not the case. It enforces a competitive disadvantage on customers.
It remains cost effective for Google or Amazon precisely because of the obfustication. Without it they have no more added value than the hardware cost of me adding a few terabytes to my machine.
Obscurity is profitable.
Posted by: sceptic | September 06, 2009 at 09:37 PM
sceptic, seriously do you know or care which sector on your hard drive every piece of data is? We outsourced data location info to the OS a long time ago, then to centralized servers, then to outsourcers, and now to the cloud.
To me, this is a periodic tug of war bureaucrats like to bait each other with.
Posted by: vinnie mirchandani | September 07, 2009 at 10:13 AM