Jul 31 2015

Data Security and the Patriot Act

As a SaaS provider, customers trust us to keep the information we host and process on their behalf highly secure.

We are a European group with the majority of our hosting facilities implemented across Europe and the Middle East.

It therefore came as a surprise when we spotted an article clearly highlighting a major threat to the information assurance claims of similar companies with headquarters in the US.

The US Patriot Act gives US authorities the right to access data hosted by American companies. It was initially expected that customer data hosted by US companies in other areas of the world would be free from interrogation by US authorities.

However, a court ruling in New York has set a precedent for global monitoring of data.

Wide ranging implications

Microsoft recently challenged the US authorities, arguing that it should not need to hand over data regarding a non-US customer because the data was not stored or processed on US soil. A New York judge ruled that data requests brought under the Stored Communications Act applied to all data a US-owned company held, wherever in the world it was located.

This sets a very powerful precedent that has been little covered in the press. The implication is that any US-owned company (any company headquartered in the United States) can have data it manages on behalf of customers accessed by the US government, wherever in the world the data is held, no matter who hosts it. This affects not just users of US data centres but clients of any US-based cloud/SaaS solution provider, including those in the AEC and property industries.

Assessing Exposure to the US Patriot Act

For many the response to this will be ‘who cares?’ and understandably so. If you are a contractor building a small apartment block in London, Singapore or Dubai it might not be a major concern that a foreign government can access your data at will.

However, it’s understandable to consider this unacceptable if your company operates in a sensitive market sector such as energy, infrastructure or finance.

US cloud providers will no doubt seek to appeal, or pursue Safe Harbour Agreements in order to restore trust that foreign companies’ data is safe with them. The principle remains, however, that the US Government has a broad view on jurisdiction when it comes to cloud data, and there is a simpler solution when it comes to keeping your data safe.

Hosting Locally

Data hosted outside of the US by a non-US-owned company cannot legally be accessed by the US Government. Of course, local laws in the country where your data is being held need to be taken into account, but this is the most effective way of protecting your data. A significant proportion of providers of cloud services for construction, infrastructure and real estate are potentially affected by these regulations.

CONJECT is subject to some of the most stringent data protection laws in the world and we back this up by providing regional hosting for our clients (UK data centres for the UK and Ireland, Dubai for the Middle East, etc.). Of course, data security is not just about access by foreign governments; we also take extensive measures to protect against intrusion by malicious third parties.

To find out more about how CONJECT protect your data see our infographic or read “How secure is your cloud?”

About the author

Michelle Mason

Michelle Mason leads the UK and MEAP Marketing team, with far too many years in B2B marketing to mention. A CONJECT newbie, Michelle is eagerly climbing a steep learning curve.
