In the abstract, the Internet and cloud applications are vaporous and hard to pin down. Data is not always stored in one location and does not follow a predefined route from one location to another. For lawyers, this makes cloud applications seem like a potential legal liability. If you don’t know where your data is stored or where it is, how do you know what laws it might be subject to?
Cloud Data Storage
This week, the Law.com article Why Companies Should Know Where in the Cloud Data Are Stored, is the latest in a long string of legal articles on this issue. The article notes that if cloud data is stored internationally, it is subject to the privacy laws of these international jurisdictions. But while the question of data crossing international borders is an interesting hypothetical question and makes for lively discussion, it is largely irrelevant.
Geographic Control Is Yours
Email backup providers, data hosting services, cloud applications, and other Internet services certainly take advantage of multiple data centers for their services, but crossing international borders is not common. The Internet architecture is such that storing data internationally doesn’t make economic or practical sense. For example, Nextpoint relies on Amazon Web Services for secure data storage across multiple geographic Regions. Each Region offers independent data center services in two US Regions: East (Northern Virginia), and the West (Northern California). Separately, AWS has three international Regions, the EU (Ireland), Asia Pacific (Singapore) and Asia Pacific (Tokyo), but data from the US Regions do not cross over to international regions unless the customer wants it to.
With AWS, users select the acceptable geographic jurisdictions for data storage. Data is not replicated between Regions unless proactively done so by the customer, allowing customers to know their data is always stored domestically. In this way, Nextpoint has complete control over where customer data is stored. All Nextpoint servers are in the United States and in case of failure, automated processes move customer data traffic away from the affected area to another domestic data center.
If you’re concerned about where your data is stored, make sure to ask any cloud provider if they store data in non-U.S. locations. Geolocation is an interesting subject to think about, but as a practical question for business users, it is not a pressing or immediate concern.