Data governance: ‘safe’ or ‘private’? Pick one.
Fri 29 Jul 2016
It’s no surprise, perhaps, that since Switzerland’s reputation as an opaque global banking repository was downgraded due to global pressure about corporate tax evasion, it has sought to transfer its former banking cachet into the data governance space.
Yet when Estonia – subject to inordinate cyber-attacks in recent years – recently announced that it was seeking safe harbour for its citizens’ data, it short-listed the UK and Luxembourg. According to one survey (by a Swiss data centre provider) the UK is ranked a fairly pathetic 24th in terms of being a ‘safe’ location for data, with Luxembourg in 4th place.
In fact, if you believe the figures, the UK is actually a less safe place for Estonia to store its data than Estonia itself, which is ranked higher (considering the survey’s provenance, it’s no surprise that Switzerland won the No.1 spot).
But the crucial factor in choosing a nation to host your data is the nature of the threats you are trying to protect it from. In terms of actual data breaches, the UK is very far from the worst offender in the hacking scandals of the last two years – continental Europe and America have provided far more headline fodder in this respect.
In terms of whether or not large concerns in the U.S. are likely to receive British cooperation regarding access to Estonian data, the UK remains a very poor choice, and Luxembourg isn’t much better (Ireland is currently ranked as a higher security risk than the UK, though Microsoft’s recent victory at the United States Court of Appeals may alter that ranking soon).
As it stands, the nations with the highest political global presence are investing the most heavily in cybersecurity, but also tend to cooperate among themselves (in terms of investigatory reach) to an extent where privacy and legislative concerns may outweigh security factors. I guess Estonia has a pretty clear conscience.