Sec 701 - Data Considerations
-
Hi Anthony,
Now that you’ve had time to think over Sophie’s question on data sovereignty, could you please provide a final answer on the topic?
In the video you said from what you know it is the federal level that we worry about.
I am thinking that for the US, it would be at the state level.
Which is correct?
Thank you,
Shahla
-
@Shahla-Pirnia,
I'm no Anthony Sequeira, but there are questions of jurisdictions,cross-border data transfers, data residency requirements, local, state, and federal laws, multiple law enforcement agencies, data replication and backup issues that also may have to comply with local data protection laws. All cybersecurity professionals will more likely be on-boarded into a company that will help them to ensure legal compliance, data protection, and incident responses that are appropriate when dealing with issues of data sovereignty. -
-
Hi Shahla!
Thanks for the great question. Yes - as Ronnie said - it can go all the way down to the LOCAL level.
Where the FEDERAL or NATIONAL level becomes such a big deal is with public cloud. This is because the Big Three of AWS, Azure, and GCP only allow you REGIONAL placement of data. For example, if I need to make sure I am storing my data in Ireland in AWS - I can select the Ireland region. There are three availability zones in Ireland that I can choose from - the but the exact location of the AZs is not provided. I can just make sure the data is in Ireland.
When we are operating outside of the cloud - we need to be sure we comply with any and all rules right down to the LOCAL level.
Thanks again for the great question!
-