Data Protection

By Tyler W.

Aprial 07, 2021

Data Protection

Do you know where your data is stored, or what servers is passes through? You should, but unfortunately it is not an easy process. That notwithstanding, it is an exercise we should all undertake.
Locating the Country of your Cloud Data

Knowing where your data is stored is arguably one of the more difficult aspects of a technology solution. You may not consider it overly important, but if you are dealing in sensitive data, you want this information to travel as short a distance as possible, and certainly to be limited to your country of residence. Depending on your industry this may or may not be a requirement, but regardless it is good digital hygiene to know where your data is at rest. Data protection is important!

It is of critical importance, where your data is at rest, and what servers it passes through, as different countries / jurisdictions will have different compliance rules with authorities. You want your data to be in a location where you have an understanding of your requirements, and the law’s authority to access your data also.

As an example, would you want your data to reside in China or Australia if given the choice. Whilst that may seem a straight forward analogy and an easy one to answer, the real answer to that question when dealing with software vendors is in their terms of service, end user licence agreement and privacy policy. That is where they must detail where your data ends up, or may be transmitted to. However, the issue exists when they put in vague language such as “we may share your information and data with other members of the group”, and then suddenly you are having to identify any and all subsidiaries and parent entities of the company you are looking to engage. A time consuming and arduous task, but one that is required for data security.

Can you imagine my relief when I went to find where information from Microsoft was stored (after investigating if Teams data from Australia was actually stored in Singapore – it isn’t) and was presented with the following information?

Where is tour data at rest? It should be your country of origin, and the responsibility is on you to find out!

This, to me, is how transparent every entity should be when dealing with your data, and we should demand this as end users. As we have stated many times, we are responsible for our own data, and our client’s, and no one can abdicate responsibility entirely to a software vendor. I implore you to go, investigate and locate where your data is stored!

If you are a Microsoft user, it is as simple as logging in to your Office 365 Admin Centre going to “Org Settings”, selecting “Organisation Profile” and finally “Data Location”. You should be presented with an image similar to the above, and will hopefully provide no surprises for you!

As always, if you need any assistance with any of these privacy matters, please do not hesitate to reach out the Cyberwise team.