Guest Column | August 2, 2021

How To Plan For Data Sovereignty In Multiregional Migrations

By Khan Klatt, BitTitan

science formula data iStock-1047349788

Migrating data can be challenging, especially when it involves moving it between regions or nations. If the data is moving across jurisdictions, chances are you'll encounter at least one new set of privacy and security rules and regulations—perhaps more.

States, countries, continents, and even some cities, pass myriad and sometimes conflicting regulations governing how corporations, industries, or citizens manage data. And these rules apply even when the data resides on servers outside the physical boundaries of their actual legal jurisdictions.

In some cases, moving data from point A to point B may be fundamentally problematic. When preparing for migrations, IT professionals and managed service providers must evaluate several data sovereignty considerations to be successful.

Data Transfer And Consequences: Complexities And Considerations In Moving Data

The fundamental rationale of data sovereignty requirements, especially where jurisdictional mandates overlap, is who ultimately has legal authority over access to data. Two key factors to demonstrate responsible stewardship over data are the security and privacy of data residing in any given locale. But maintaining security and privacy protections is rarely straightforward. Lawmakers and regulators worldwide are generally not tech-savvy and struggle to keep up with rapidly evolving technology and data usages.

Further complicating matters is that the business landscape may require multiregional or multinational companies to migrate data following a merger, acquisition, or reorganization, potentially putting them at odds with local strictures.

In addition, laws mandate that government entities, universities, banks, insurance companies, and others keep their data and infrastructure within their own country, forbidding data storage, however temporary, in other lands.

As you develop your point-to-point migration strategy, work with your legal department to understand the laws and regulations governing the data in both the originating and destination jurisdictions. Bringing in local counsel versed in data security and privacy law may prove a worthwhile expense.

4 Critical Questions For Planning Your Migration

Even though data migration may be an isolated event, it should adhere to the organization's overall data governance policies. Keeping this focus helps avoid unpleasant surprises such as finding your carefully planned migration has violated organization policy, or even worse, laws and government regulations.

Along with understanding the governance framework, it's essential to know the answers to these questions:

  • How is your data classified? Different rules apply to different types of data from both an organizational policy and a regulatory perspective. What portion of the data is sensitive, and for what reasons? How will you protect and handle that information?
  • How much data do you need to transfer? Moving nonessential data is a potential liability you may wish to avoid, but suppose retention of information is desired for historical or archival purposes. In that case, you may want to house it securely in its existing domicile, either permanently or for later transfer.
  • How can you minimize access? Develop a risk management plan ensuring that only the minimum number of people have access to the data and then manage migration credentials, giving the team unique credentials that can be deactivated when the project is complete. And be sure that when you store them, they are encrypted. 

Also, you can consider moving migration services or servers into the receiving jurisdiction. By minimizing the number of borders the data must cross, you can eliminate some risk and the time required to hold the data. Ideally, you want to keep the data only long enough to transfer it to its final destination.

  • What happens to the data in transit? Encrypt the data while it is in transit so that it can't be compromised. Ensure that no copies of the data reside on any servers it may have encountered on its journey. Look at decommissioning and sanitizing the old infrastructure and destroy any remaining unneeded or unwanted data.

Helping Data Travel Safely: How To Make Data Sovereignty An Integral Part Of Your Strategy

One of the most important ways to ensure the compliant migration of your data is to select a solution partner that maintains a relentless focus on data sovereignty.

Partner with IT professionals who understand data sovereignty and the constraints of your environment so you maintain control over your data. They can help you clearly understand the regulatory imperatives that exist in your chosen—or required—data destination.

Maintaining data sovereignty is an involved process that requires careful consideration of the varying regulations that apply to different geographies and jurisdictions. It's essential to be aware of how authorities operate in differing locations. With foresight, expert guidance, and a well-considered plan, you should be able to move your data safely and legally—wherever it's going.

About The Author

KhanKhan Klatt brings more than 25 years of diverse technology experience to BitTitan as director of engineering. His strategic planning, management, and architecture expertise is instrumental in his leadership of DevOps, release management, security, software engineering, and IT operations. Before BitTitan, Khan served leadership roles in the education technology and digital media entertainment sectors.