Disclosure Rules Changing for Hosted Data

A recent ruling in a case between the U.S. government and Microsoft and a new agreement between the European Union (E.U.) and the U.S. Department of Commerce may reduce some of the data disclosure and privacy risks of using hosted services. Organizations should review how to comply with updated data disclosure and privacy regulations for data they collect, transmit, and store, particularly data in hosted services. Companies should also keep track of impending changes to U.S. law that could affect the risks of hosted services.

U.S. Warrants Limited to Data in the United States

In July 2016, the U.S. Court of Appeals for the Second Circuit held that Microsoft does not have to honor a warrant and turn over to the government certain customer data stored outside the United States. The ruling could protect data stored outside the U.S. from certain kinds of government requests. However, with hosted services, an organization cannot always control where data is stored, as the service provider may manage and control which physical data center(s) around the globe hold different components of an organization’s data. For example, the hoster may replicate the data to one or more data centers for a variety of reasons, such as improving availability or throughput.