The issue of data sovereignty
As the concept of the cloud, especially the data cloud, grows, the physical location of the storage is supposed to be unimportant. The whole notion of the cloud is to “trust your data to us, and don’t worry about the details”.
But, laws around data retention and storage may not see it that way. A recent article out of New Zealand talks about data sovereignty issues surrounding rules by the tax authority:
It is the Commissioner’s view that only business records stored in data centres physically located in New Zealand will comply with the record keeping obligations in the Inland Revenue Acts. Taxpayers are responsible for ensuring they comply with their record keeping obligations. Therefore, taxpayers using a cloud computing service will need to be satisfied that all their business records will be stored in data centres located in New Zealand
While this particular issue is probably going to be an easy one to address, it does bring up a number of questions. The most interesting one I’ve been thinking about lately: When an entity owns data, but that data is located outside of the country, what laws are that data subject to?
It’s a loaded question, and not an easy one to answer, because laws are subject to change at any time. Microsoft’s stance with Azure is to let users choose what data centers to keep their data in. But that also breaks the more abstract premise of the cloud.
What are your thoughts? Does the end location of the data matter? Would you prefer to keep business data out of certain countries?