How is the European Safe Harbor ruling affecting your IT strategy, I&O function, and cloud computing / data storage practices? If this is new to you, last year there was quite some fuss over “a court ruling striking down rules for data transfer between the U.S. and Europe [that] will create short-term uncertainty for data center service providers…” (datacenterfrontier.com).
Figure 1. Google search, extremetech.com
According to Forbes, “The court ruled that even if US companies are taking adequate protection measures (and studies show that many are not), the US public authorities are not subject to the Safe Harbor guidelines, thus putting European citizens’ data privacy at risk to US government surveillance” (forbes.com). I have to admit, I didn’t know what Safe Harbor meant when it first came up. As Enterprise Architects, do we too often overlook security and data privacy matters? Should we pay more attention or leave it to the legal and security guys?
EA Impact?
Where I work, it didn’t take long for functions around Legal, Audit and IT security to respond. There was much more scrutiny on where existing and future data was to be stored. This meant scouring our asset portfolio and service providers to ensure we were on top of the problem. Practically speaking, as an EA working for an international company with a Corporate HQ in France, I’ve not been affected as much as others. Aside from helping to examine which systems might be adversely affected, we mainly kept this security factor in mind during all new vendor and software selection activities. It meant that any cloud hosting provisions by the vendors we were validating had to be anchored in European data centers to ensure the Safe Harbor rules were being followed. How has your organization or EA practice been affected?
Resolution in the Works
As of February 2016, a resolution to the business crisis was reached between EU and US officials, but there’s no obvious time frame for ensuring the agreement is a done deal: “the European Commission and US administration must now show total commitment to implementing this agreement and getting trans-Atlantic data flows back onto a secure and stable legal footing” (BBC).
References:
(1) Safe Harbor Ruling. http://datacenterfrontier.com/what-the-european-safe-harbor-ruling-means-for-data-centers/
(2) Safe Harbor Update. http://www.bbc.com/news/technology-35471851
(3) http://www.forbes.com/sites/riskmap/2015/10/27/the-eu-safe-harbor-agreement-is-dead-heres-what-to-do-about-it/#40d0bbdb7171