Not all cloud providers are created equal. And while many companies might be willing to take a risk with their own data, when you’re dealing with something as sensitive as clients’ financial information, you need to make sure you’re squeaky clean.
Not just because your clients are trusting you, although that’s important enough. There’s also the knotty issue of compliance to think about.
These are issues that can be hard to navigate. So much so that even a giant international corporation like Facebook, with an extensive legal team at its disposal, can sometimes find itself in trouble.
Yes, that’s right: this month, Facebook found itself in hot water over the way it stores and transfers its data across national borders.
So what happened, exactly?
Well, for the past 15 years, the EU and the US have had a pact in place called Safe Harbour, which gave organisations in the EU a straightforward way to send personal data to US companies that had signed up to it, without breaking European data protection law.
But now the European Court of Justice has ruled that this pact is invalid, because it doesn’t adequately protect the privacy of European citizens. Facebook’s transatlantic transfers were the test case: the ruling grew out of a complaint about how the company’s Irish subsidiary moves European users’ data to the US, and the Irish regulator must now examine those transfers in the light of the judgment.
So much for Facebook – what does that mean for you?
As Allie Renison from the UK’s Institute of Directors told the BBC:
“It’s not just about companies whose core activity is data processing – i.e. the Facebooks of the world – it’s the companies who don’t have data processing capabilities of their own and transfer personal data abroad to get it done.
“So, if you’re a company that sends payroll data for administrative purposes across to the US, that becomes an issue.”
This matters because, very sensibly, decent cloud companies replicate your data across multiple servers in multiple locations. As a result, if a natural disaster or a technical meltdown ever destroys one set of hosted data, you don’t need to worry – there’s another copy safely squirrelled away. And the best cloud storage providers will be able to give you seamless access to that copy – keeping your all-important assets safe from harm.
So far, so good. But where are they keeping that data?
For compliance purposes, you should never even think about keeping your data in a data centre that isn’t certified to ISO 27001 and, if you handle card payments, PCI DSS. Check who actually holds the certificate and what it covers: a certificate held by the data centre operator says nothing about the controls of the provider renting space inside it. But that’s not where your questions should end.
You also need to know if they’re planning to move any of this data abroad, including the backup copies. You need to know that, if they are transferring data overseas, their security measures are still on par with UK guidelines. And now, you need to make sure that they fully grasp the new position on moving data outside of the EU: with Safe Harbour gone, ask them what legal basis they rely on instead (the EU’s standard contractual clauses, for example) and get the answer in writing.
In essence, you need to choose a provider that really knows their stuff. Preferably one that doesn’t send data out of EU jurisdiction at all, and one that you can trust to handle these issues on your behalf.
After all, your clients are depending on you to get it right. And so is your business.