Grounded in the Cloud
Showing results for 
Search instead for 
Did you mean: 

Data Sovereignty and Data Privacy


Last week, I had the opportunity to speak on a panel for the British American Business Council on Cross Border Data Transfers, or Data Sovereignty.


Data sovereignty is the discussion around how data that has been converted into some digital form is covered by the laws and regulations in which it is located. And the laws and regulations are in a constant state of change, as recently demonstrated by the European Court of Justice declaring that the Safe Harbor Decision was invalid and has led to renewed discussions between the European Commission and the United States on an acceptable framework. These Safe Harbor discussions are of particular interest to multi-national corporations with significant data footprints in the EU, as it may dramatically alter how and where they can (and can afford) to do business). 

Companies that are adopting cloud infrastructures are directly affected as many cloud providers have multi-national infrastructures. Therefore, companies using these cloud providers are very interested in how the cloud providers will meet these evolving regulations.

While data sovereignty issues are debated in the EU, new data privacy regulations are being proposed here in the United States.

On March 31st, the FCC proposed new regulations on how Internet Service Providers (ISPs) are allowed to use customer data.  Specifically, the FCC will require ISPs to receive customer permission before using the data collected by ISPs or passing it along to third parties for use.

Data sovereignty and data privacy are huge issues within the Information Security universe at the moment.  I will continue to try to stay on top of the latest news and updates on this ever evolving topic.

In the meantime, as I mentioned above, I participated on a panel of experts discussing data sovereignty. The video below is the entire panel discussion. It may be a little long, but very much worth viewing as it does a great job of summarizing data sovereignty concerns and some of the likely directions that the EU Commission is likely to take.

You can find the video here:


0 Kudos
About the Author


Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

Jan 30-31, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all