The following article originally appeared in the IT Pro Portal on September 18, 2014:
Scotland goes to the polls today to vote on independence from the
Union. If a ‘Yes’ vote is passed, it will throw into question the massive issue
of data sovereignty.
It’s a curious notion, and one that both Whitehall and Holyrood
have not publicly answered. If we consider the consequences from a data
protection perspective, they are incredibly complex. Especially as the EU Data
Protection Directive mandates that data cannot be transferred outside of the
28-member states territory. This means that organisations need to prove where
their data is at all times. Scotland, as part of the UK, is presently an EU
member but this could quickly change, as only last night the Telegraph reported that Spain’s European Foreign Affairs
Minister said that a separate Scotland would need to wait five years for EU
membership and join the single currency.
The next wave of EU data protection reforms will introduce further
enforcements around information crossing borders. The fact that the majority of
business communications are digital by nature – such as email and productivity
tools like Microsoft Word and Excel – and are effectively borderless, these
carry more problems for data sovereignty compliance. When these reforms were
first suggested last year, the Direct Marketing Association said it was
‘”strict and unworkable” and claimed that it would cost UK businesses an
eye-watering £47 billion in lost sales and regulatory costs.
Today your data may be based in the UK, but tomorrow, will it be
in England or Scotland? The key is allowing companies from either country to
pick where they want their data to live and guarantee that it resides there.
A ‘Yes’ vote will mean that the data will have to be migrated. But
to where at this stage can only be speculated. What we do know is that for
companies that want to move their data from Scotland to England, capacity and
power availability within the Greater London M25 belt will be under extreme
pressure. If Scottish data needs to head north, then perhaps the challenge
isn’t quite so unwieldy. Scotland’s climate is well-suited for cooling
power-hungry server farms. It boasts a thriving data centre economy, with
substantial investment pumped into the hundreds across the country, with some
areas even building new locally-generated renewable energy-based data centres,
which are expected to go online next year. Scotland’s digital sector is worth
around £3 billion to the economy and boasts over 73,000 jobs. For a population
of just over five million, it’s certainly a healthy industry.
The nationalist campaigners suggest they could transfer Scotland’s
data from Whitehall systems by 2018, but this is likely to result in
considerable disruption to public services, not to mention commercial
implications for organisations that own or host from data centres based there.
Over time, these issues will have to be remedied. The result will be that data
sovereignty will become a board issue and part of future business and legal
operations as principle. But this is not necessarily a bad thing.
The recent spotlight on data sovereignty originates from the
much-reported WikiLeaks and Snowden affairs and the US’ National Security
Agency spying revelations. These stories have created such a wake that,
according to ResearchNow, a quarter of UK companies are now
expected to pull their data out of US data centres. Protecting the integrity of
data is definitely at the top of the corporate agenda and it requires
sovereignty and security embedded by design.
If Scotland does separate form the UK and takes a while to decide
how it wants to pursue its membership with the EU, it will mean that all data
housed in Scotland from another country’s origin would need to move inside the
EU. An alternative is that a provision could be made for its own data
protection regulation but this would need to be written and ratified – a pretty
costly and complicated exercise, never mind the process of data migration.
Given that both England and Scotland speak the same language means
that the information doesn’t need to be translated, but that also makes it more
difficult to separate Scottish data from English data. The challenge will be
organising and sorting through Petabytes of data and establishing whether it
originates from England or Scotland. There are obvious clues, such as place
names and cultural references, that will help with labelling but in reality
this particular job is for humans who unfortunately are inherently unreliable
when it comes to organising information. Auto-classification tools on the other
hand typically deliver 80–90 per cent accuracy, as opposed to human
classification, that on average results in 60 per cent of information being
properly classified.
For the whole of the United Kingdom to adhere to
data protection laws and deal with the sovereignty of data requires a strategic
view when it comes to managing enterprise information. As far as Scottish,
Welsh and English borders are concerned, the task of migrating so much
information will be a tremendous undertaking. Let’s hope we don’t get to that
stage.
No comments:
Post a Comment