Who Holds the Keys to your Data

We attended PrivSec Global produced by GRC World Forums in November. It was a great conference and we learned about Virtru.

The Digital Dilemma

Enterprises face a predicament: They want to leverage the productivity and security benefits of global cloud platforms but are concerned they will face conflicting legal obligations that put the privacy of customers at risk.

For example, a company based in Europe may find itself in a situation where it’s required to hand over its customer data to the U.S. government.

Why? Because: (a) the leading cloud providers are predominantly U.S.-based and subject to various laws requiring cooperation with U.S. local and federal government entities, and (b) there is currently no multilateral privacy framework.

The absence of a global privacy framework has caused governments to take very different legal and policy approaches to data. For example, The European Union has adopted very strong privacy protections for its citizens, whilst the United States delegates some privacy issues to the individual state level (e.g., the California Privacy Rights Act, CPRA) while taking some actions at the federal level, such as the U.S. Clarifying Lawful Overseas Use of Data (CLOUD) Act in 2018. In 2021, the European Data Protection Board issued a set of
new recommendations for international data transfers, including what kinds of protections are sufficient for protecting private data.