It’s 10:00 PM. Do you know where your data is?

February 14, 2018

Many businesses are moving, or have moved, their data to one of the various cloud servicing companies, like the Google Cloud Platform, Amazon Web Services, Apple iCloud, and Microsoft Cloud. Depending on which cloud service provider you use, your data could be segmented and stored on a number of different servers in the United States, Belgium, China, Singapore, and other countries. Anyone caught hacking a server in the United States has violated criminal and civil anti-hacking statutes, and can be looking at hefty fines and prison time. But what happens if a hacker in Russia attacks a server farm in Taiwan, and unlawfully accesses your data stored there? American laws do not apply to deter or punish those activities. Instead, one must rely on local authorities in those countries to enforce their own anti-hacking statutes, assuming such laws exist.

Of the various cloud services, the Google Cloud Platform seems to be the most transparent. Google stores data in what it calls bucket locations, or server farms, in the United States, Canada, the European Union, Asia and/or Australia.[1] The Canadian server farms are in Montreal; the European Union servers are in Belgium, London, Frankfurt, and the Netherlands; the Asian servers are in Taiwan, Tokyo, Mumbai, and Singapore; and in Australia, the servers are in Sydney.

Microsoft, on the other hand, does not publish where its servers are located, citing security concerns. If you use Microsoft to store or backup data, your data could be anywhere.

Just because Google is transparent about the location of its server farms does not mean your data is safer. Likewise, the mere fact that Microsoft keeps the location of server farms “secret” does not mean your data is any more (or less) at risk. In situations where the hacker and the server farm are located outside the United States, the hacker is not subject to American jurisdiction.

Other questions concerning third party data hosting arise, such as whether the server farm is owned by the hosting company (i.e., Google, Amazon or Microsoft) or whether the hosting company uses third-party contractors in foreign countries to store data. It is quite possible that a Taiwanese-based company owns the server farm. In this situation, the hosting company has entered into a contract with the Taiwanese entity to use its servers. The agreement between the hosting company and the Taiwanese-based contractor likely has many provisions dedicated to security standards and protocols. Or, at least, it should have those provisions. The typical small business will never know.

So, it’s 10:00 PM, and now you know where your data is: Scattered across numerous servers from South Carolina to Taiwan with some of it probably residing on servers owned by a foreign company operating under a contract with your name-brand cloud hosting company. Feel better now?

To address these issues, our attorneys offer data management legal services. Contact our team for more information today.

[1] https://cloud.google.com/storage/docs/bucket-locations

Recent Posts

Kennedy Law Wins Final Judgment for $6.5 Million

DALLAS--(BUSINESS WIRE)--Dallas-based law firm Kennedy Law, P.C. announced that it won a final judgment for $6.5 million for Commerce Street Capital against First United Bank & Trust Company and Durant Bank Corp. for breaching an investment banking agreement. The...

Hate Speech, The Sequel

On July 20, 2017, I posted a blog entitled Hate Speech Online. That blog recounted the disastrous consequences that one potential client endured after posting a hateful statement on Twitter. A third party that the potential client did not know re-posted the tweet for...

Should I Sign an NDA with My Employees?

There are a number of different situations in which you, the employer, may find it necessary to sign a non-disclosure agreement (NDA) with your employees. You want to develop trust with your employees, but you also want to be sure your business information is...