territory of storage [English]

Syndetic Relationships

InterPARES Definition

n. ~ The polity or region where data is housed and, as a result, has jurisdiction over access and use of the data.

Citations

  • Brandel 2008 (†613 p.28): Cloud vendors today have a U.S. centric view of providing services, and they need to adjust to the response-time needs of users around the world, says Reuven Cohen, founder and chief technologist at Enomaly Inc., a cloud infrastructure provider. This means ensuring that the application performs as well for users in, say, London as it does for those in Cincinnati. ... Worldwide optimization can be accomplished either by situating servers globally or by relying on a Web application acceleration service, also called a content delivery network, such as that of Akamai Technologies Inc. These systems work across the Internet to improve performance, scalability and cost efficiency for users. Of course, situating servers globally can raise thorny geopolitical issues, Willis points out. Although it would be great to be able to load-balance application servers on demand in the Pacific Rim, Russia, China or Australia, the industry "isn't even close to that yet," he says. "We haven't even started that whole geopolitical discussion." In fact, Cohen points out, some users outside of the U.S. are wary of hosting data on servers in this country. They cite the USA Patriot Act, which increases the ability of law enforcement agencies to search telephone, e-mail communications, medical and financial records and eases restrictions on foreign-intelligence-gathering within the U.S. The Canadian government, for instance, prohibits the export of certain personal data to the U.S. "It's hazy and not well defined," Cohen says of the act. "People wonder, 'Can they just go in and take [the data] at a moment's notice, with no notification beforehand?' That's a whole second set of problems to be addressed." (†1575)
  • Hon, et al. 2011 (†692 p.216): The European Commission considers transferring key-coded data to the USA (without transferring or revealing the key) is not personal data export subject to Safe Harbor principles.61 WP136 considers itself consistent with this view as recipients never know individuals’ identities; only the EU researcher has the key. (†1578)
  • Kushida, et al. 2011 (†691 p.219): Major Cloud service providers such as Google and Microsoft distribute their datacenters across the world. A Hotmail or Gmail user never knows on what server, in which datacenter, and in which country their mailbox is stored. The technological advantages to this approach include significant levels of fault tolerance and disaster protection, a more responsive user experience regardless of location, and the ‘illusion’ of limitless scale provided by these services. However, every country in which the services are consumed, or in which the physical datacenters reside, has its own set of local policies and regulations bearing directly on electronic service provision and data protection. Legal issues such as information privacy, security, and legal jurisdiction are highly nation specific. In the US, for example, the Patriot Act allows the US government to demand disclosure of any data stored in any datacenter, anywhere in the world if that system is operated by a US-based company, broadly defined. That single law places US-based Cloud service providers such as Google, Microsoft, Amazon, and others at a great disadvantage when competing for business in foreign markets. Governments, even close allies, will think twice about using US Cloud providers if their sensitive data can fall under the reach of this act. (†1576)
  • Kushida, et al. 2011 (†691 p.219-220): Europe is a challenging regulatory environment for Cloud providers, with stringent data privacy regulations and substantial differences between individual states. In many European jurisdictions users must actively consent to the collection and storage of their personal information. Providers must disclose on request what information is stored and in general, data about European citizens may not be stored or processed outside EU borders. Legal issues surrounding international jurisdiction and accountability have yet to be settled. For example, it is still unclear which rule of law applies for the arbitration of contract disputes–the country in which the service is consumed, or the country in which the service originated. In other words, is it Microsoft’s datacenter in Singapore or the US in which Microsoft is headquartered? (†1577)
  • McLelland, et al. 2014 (†690 p.8): Territory of Storage requires language that guarantees the political territory where records will be stored and backed up throughout the entirety of their life within the cloud service (i.e. would the records be stored in the United States, the European Union, etc.). This category was chosen largely due to the requirements found in legislation and directives, such as the European Union Privacy Directive Article 25, or the requirements for public bodies of British Columbia to store personal information within Canada (British Columbia Freedom of Information and Protection of Privacy Act, Section 30.1). (†1574)