Offshore Cloud Storage: Do you know where your data lives?

Offshore Cloud Storage: Do you know where your data lives?

There’s an insightful article in today’s National Post about the legal implications of offshore cloud storage.  This article should be mandatory reading for any organization thinking about implementing cloud storage.  It also provides a remedial lesson for any Canadian-based organization that embraced cloud storage without first determining where its data would be stored and assessing the risks inherent in any out-of-country storage.

Cloud storage provides many benefits including reduced storage costs, disaster recovery protection, and allowing 24/7 access to information (by authorized users, of course).  But how many organizations thoroughly assess the tradeoffs in achieving those benefits before signing a contract with a cloud storage provider?

One of the biggest risks of cloud computing concerns the location of the stored data.  By virtue of being located in another country, a Canadian-based organization risks that the goverment of that country will be able to access the information or be able to use the information in ways not allowed under Canadian law.  This is of concern particularly where personal information is concerned as we’ve seen from the anxiety many experienced when the expanded search and seizure powers came into effect under the US Patriot Act.

As the article makes clear, any organization signing a cloud storage contract should first ask the vendor to specify where the data will be stored so the organization can assess the jurisdictional implications of any out-of-country storage.  I also recommend asking the vendor about backups since its possible that the back up server(s) may be located in yet another country.

Leave a Comment

Your email address will not be published. Required fields are marked *

Related Posts

business processes

Fighting the Ocean — Record Proliferation and You

In 2011, Futurist Thomas Frey predicted the emergence of new career trends which will be increasingly important over the coming decades.  One of these he called a “Waste Data Manager”, which he describes as follows: “To insure data integrity in today’s fast evolving information storage industry, multiple redundancies have been built into the system. Achieving more streamline (sic) data storage in the future will require de-duplication specialists who can ,,,

Read More »
  • About the Author

  • Sheila Portrait
    Sheila Taylor
  • Sheila Taylor is a well known consultant, educator, speaker and writer with more than 25 years of experience in the information management (IM) field.

  • Recent Tweets

  • Company News

  • Search Site

  • Archives By Date

  •  Telephone

     

    (905) 702-8756
    1-877-857-7111

     

    Email

     

    info@eimc.ca

    Request A Call

    Case in Point

    That's A Lot of Records!
    Often the requirement for a needs assessment is driven by a specific initiative being considered or an immediate problem to be solved, rather than a general desire to establish a corporate (or organization-wide) IM program. We had a client wanting to improve its management of a specific group of critical records – thousands of member files in paper, microform and digital formats containing hundreds of unique document types.
    Assess, Plan and Schedule
    Ergo reviewed the organization’s current practices for managing those records, compared those practices to best practices, and identified risks and areas for improvement. From there we developed a strategic plan with a focus on records storage and retention. The plan identified the operational, financial and technological requirements for implementing the recommended changes, improvements and enhancements in the lifecycle management of the member records. Activities in the plan were classified as short term (next 6-12 months), medium term (next 12-24 months) and longer term (next 25+ months).
    Step by Step Success
    Implementation of the strategic plan enabled this organization to ensure its member records are properly identified, organized, accessible, protected and retained as long as necessary to meet operational and other requirements.
    Previous slide
    Next slide