
The Pen is Mightier Than Privacy Laws

How will changes in the US' privacy stance impact your security

by Mike Knapp in Business Leaders

In his first week, President Trump signed an Executive Order reversing the EU-US Privacy Shield Agreement.

The agreement was created to enable US companies to provide service to EU citizens by protecting the privacy of EU citizens’ data when both in transit to the USA, and inside the USA for data processing.

The agreement was critical to US companies who provide services to EU citizens and organizations.

Almost every business uses services which are impacted by this change:

  • People use email (office 365, gmail etc) to communicate with friends, family, colleagues, book travel, send agreements – that data is often “processed” in the US
  • Personal data such as health care, disease management is often transferred through US providers.
  • Social Media (Facebook, Whatsapp) track who people know, how they know them, what they do, their opinions

How does this impact you?

There is a massive increase in risk to individuals and business leaders. Any information stored or processed in the US is accessible by the US government. Our dependency on major services, such as Office 365, Gmail, and Facebook means any information they store or process is at risk.

There are still many questions to be answered, including:

  • What happens to the data that is already in the US, and was protected but now may no longer be?
  • What happens when private data is transferred to the US under a privacy agreement and that agreement is lifted?

What do I do?

Any time there are potential or actual changes to data privacy regulations is a good time to review your business practices and processes.

Review your business workflow and tools, and make sure you are aware of the applications used by your staff. Pay particular attention to BYOD: are your employees bringing their own devices and using applications you are unaware of? A simple IT audit will establish this.

Do you currently work with businesses based in the EU that require compliance with EU privacy laws? Are you pursuing business opportunities that may require adherence to those guidelines? If so, any planning should factor that in.

Do you work with Canadian non-profits, or organizations that require local data storage? Are you fully compliant?

Review the information you store online and transfer via email, and ensure it complies with any end-user agreements. If you guarantee data privacy for the data you collect, make sure you are using service providers that can meet your promise.

If you have private data that you don’t want accessible by the US, it needs to be moved to a data sovereign service provider as soon as possible.

Specific industries should be focusing on this, including:

  • Medical (or medical related)
  • Financial
  • Legal
  • Technology (cloud delivered)
  • HR
  • Non profit

What’s Next

The major service providers and software companies have yet to respond in detail, but between this and the attacks on censorship and Net Neutrality, expect a drive towards services being hosted outside the US and maintaining data sovereignty.

UPDATE: US judge orders Google to hand over emails stored outside US, potentially reversing the decision Microsoft battled for privacy.

About the Author

As the CEO of Xanity Cloud Solutions, Sarah Morton is trusted to defend the data privacy and sovereignty of dozens of companies’ cloud-based assets.
