What is Data Residency? Why is it necessary?

Over the last decade, our society has seen an increase in online organizations selling goods and services to consumers around the globe. Shopping online has become the new normal especially now with everyone working from home and being advised to remain at home with their families to prevent the spread of COVID-19. For companies to offer their products and services online, they must abide by specific security and privacy regulations. Two of the biggest Security standards that companies must follow are the PCI DSS as well as the Privacy Standards outlined by their specific country or region. For Europe, this is the GDPR standards however countries such as Australia, Canada, and the United States have their laws regarding the storage of personal data.

One requirement which has recently come to light in recent years is Data Residency. Data residency refers to the physical location that is used to store an organization’s data. Since most companies use cloud-based software and data centres to collect and store their data it can be hard to determine where the data is held and what laws apply to that data. Throughout this blog, we are going to review the importance of data residency and the benefits of choosing where your data resides.

When it comes to storing client data there are many aspects to consider, such as what software or services you will use to collect the data from the client and once collected what security guidelines are required for storing the data safely. However, one thing which is often overlooked is the location where the data is being stored. Data residency is important for a few reasons, companies may be entitled to different tax benefits based on where their data is located but most important the data is subject to the privacy laws of the country that the data resides. This can cause conflict if they are different from the laws of the country where the organization resides. Organizations that reside in places such as Canada, Australia, and Europe are beginning to insist that their data remain outside of the USA and preferably within their own country.

HPCI Data Center Map

While there are not necessarily strict laws preventing an organization from storing their data outside of the country they reside, provinces, states, and cities are beginning to put standards in place regarding the privacy of their citizen’s data. For example, while Canada does not have Federal laws regarding the storage of citizen data some provinces have created their laws. British Columbia and Nova Scotia require all public sector data to reside in Canada, while Ontario mandates that healthcare information must remain in Canada.

Like Canada, Australia has also seen an increase in regulations outlining the requirements around keeping data within their borders. In 2014 Australia made some major changes to the Australian Privacy Principles regarding the collection, storage, and use of personal information and cross-border disclosure of personal data. Europe has also increased its guidelines around the collection and storage of personal information gathered by companies with their new GDPR standard. While GDPR does not specifically state data residency rules it is encouraged to keep all data within Europe, the EU Court of Justice has just announced the invalidation of the Privacy Shield between the US and the EU. With this news coming to light in July of 2020 organizations could see a change to how and where their data can be stored. With all this in mind, HostedPCI is now providing companies with the ability to choose where their data is being stored.

HostedPCI has launched three new data centres around the world, one in Canada, one in Australia and one in Europe. Our clients will now be able to select which data centre they would like to use to store their data. So how does it work? Essentially HostedPCI needed to not only set up new data centres around the world but also keep all data flow inside that given country. When companies select one of our four data centres they will be provided with an iFrame, IVR and tokenization vault for that specific country that way as the data flows from the collection process to the storing process it never leaves the selected country. Organizations also have the ability to use multiple data centres depending on the different departments of their organisation or vendors they work with. HostedPCI is dedicated to giving organizations back control of how and where their data is collected and stored. Contact us today to find out more.