- Security TWENTY
- Women in Security Awards
Three components make up the concept of privacy: laws, customs, and expectations. Each of these components varies across geographic regions, generations, and groups. But to meet these diverse expectations, companies processing personal information need to offer their customers regional solutions, writes Peter Day, Head of Privacy and Security at analytics firm Mixpanel.
Enter data residency.
Data residency is the storage of personal information within a particular geographic location where that data is processed in accordance with the local laws, customs, and expectations. Selecting providers with a data residency solution will enable companies to satisfy their customers’ increasingly regional expectations of privacy—especially when paired with a robust, globally-focused privacy programmes.
Geographies’ relevance to privacy in the information age is becoming more important. While large, multi-national privacy regulations like the GDPR or major laws like the CCPA make headlines, there are countless smaller, regional laws and customs that often overlooked.
This explosion in regional privacy laws has left many companies wondering how to do ensure compliance in an increasingly complex regulatory environment. They rightly question how a business can offer services globally while respecting the wide—and sometimes conflicting—array of local privacy laws and customs.
Data residency is a big part of the answer. Here’s why:
– Localised solutions: Companies can navigate the regulatory differences across multiple geographies by building services designed to respect regional privacy differences. Given the variance of privacy expectations across the globe, services processing personal information should be built to respect these regional differences. What may be seen as an acceptable use of personal information in California could be controversial in Germany and vice versa. A service supporting data residency allows processing to be tailored to regional expectations through internal processing decisions.
– Rising regional differences: Predicting changes in the regulatory climate may not be a priority for companies, but if the last five years are any guide, regional differences in privacy laws are likely to increase. Working with service providers that support data residency helps ensure that information can be collected, processed, and stored in a way that meets different expectations.
– Customer expectations: Despite the fact that how privacy is defined can vary from region to region, it’s clear that there’s one thing everyone, everywhere agrees on—that privacy is important. Supporting data residency sends customers two signals. Firstly, a business supporting data residency respects privacy (however defined). And secondly, a business in favour of data residency can meet regional data protection and privacy requirements.
It’s also important to remember that data residency programmes also have benefits outside of meeting local security needs. International data centres enable companies to deliver more efficient data processing times since information doesn’t need to move across continents and back, in order to be processed. This enables more responsive analytics, not to mention a better user experience for the customer.
Companies investing in data residency are not only offering compliance for near-term programmes like GDPR or CCPA but are creating initiatives to provide a better product for their customers now and into the future.
About Peter Day
Peter Day is Head of Privacy and Security at Mixpanel, where he leads global privacy and data security teams focused on data protection, such as data subjects’ rights and designing security controls. Before joining Mixpanel, Peter worked as the Privacy Officer and Deputy CISO at the Federal Reserve Bank of San Francisco.