Map of the world with location markers. Photo by Photo by Martin Sanchez on Unsplash

August 25, 2021

Do you know where your data lives? You should. Here’s why

by Jennifer Jarvis and Navneen Kaur, at Accelera

Location matters.

If you're a small- to medium-sized business owner and use a database for your company’s information, you likely don't spend much time thinking about it. If your database is doing its job — housing and allowing access to your data — there's really nothing else to consider, right?

Not always.

There are actually two key things to keep in mind when it comes to your data: ownership and residency.

  • Data ownership refers to the data you own and how you access it.
  • Data residency is where your data is physically stored, and the legal or regulatory requirements imposed on it by the country or region where it resides.

Many smaller companies use SaaS-based solutions to house data, which can be great options in today's market. They are easier to install, don’t require technical know-how or resources, and are cost effective. No one can do business without a cloud-based solution these days.

But there can also be potential downsides to a plug-in solution like SaaS. Mainly, data residency and ownership can sometimes be nebulous. And when it comes to your precious data, “cloudy” is not where you want to be.

Here's why. Many company owners assume that their data is housed in the country where they live and that they can access that data whenever they want. In some cases neither is true — and owners only discover the ramifications when a change is needed.

Let’s explore what that means.

Data ownership

Even if you’ve established that you own your data, do you have agency over it?  Most vendors still place data in the possession of the end user, but it's important to review the service contract to understand exactly how your data will be used. If you are storing a large amount of business-critical data with a SaaS solution provider, consider these questions:

  • How quickly can you gain access to your data if you need it? 
  • If you want to change solution providers, how easily can you extract your data for use elsewhere? 

Data residency

Depending on what type of cloud hosting and data storage you choose, your data could be stored on servers in another country. For example, while there is no mandate for Canadian businesses to store their data in Canada, keeping it outside of the country comes with potential risks. Consider this

  • The laws of the hosting country may not provide adequate protection required by your home country’s regulations
  • If the hosting country becomes politically or economically unstable, your data could fall into the hands of an organization you might not know or cannot reach. 

And it can get trickier when you look at who owns the data centre. For example, if your data is physically stored in the UK, but the data centre is owned by a US-headquartered company, the US government may have the rights to access your information under the CLOUD Act.

Questions to ask

So what can you do about data residency and ownership if you are exploring new technology solutions or reviewing your existing SaaS setup?

Start by doing your due diligence to determine your own requirements. Are you part of a highly regulated industry like financial services? Do you process and store personal and/or sensitive information? Speak to your SaaS provider and see whether they can work with you on the following key areas — some vendors may be able to offer suitable solutions:

  • Where does my data live? If the data isn’t stored in Canada by default, ask about the data protection laws in the country where it will be stored.
  • Does my provider support specific Canadian requirements? Also check into the availability of backup copies and where they are they stored.
  • Who owns my data? Review all legal agreements to ensure you have complete control of your data, and when and how you access it. If you change service providers, how does the vendor provide you with your data?

If you’re looking for a new solution, consider your own database (most big organizations have their own), whether cloud-based or on-site. This ensures that all your data is fully owned and controlled by you, and it lives in your country.

Many of our clients at Root opt for their own database, which is integrated with their systems. This allows for aggregated data that can be used for reporting, and dashboard visibility across the business. If our clients want to remain with their cloud-based setup, we can conduct technology assessments to uncover and identify any challenges around their data and provide advice.

When it comes to protecting your valuable data, residency and ownership are critical. However so is data security.

We’ll cover that in an upcoming post.

 

Navneen Kaur is the Technology Lead & DevOps Engineer at Root
Jennifer Jarvis is Head of Channel Partnerships at Root

Binary code with a heart overlaid