Lack of understanding of US CLOUD Act poses a security threat to UK Business Data

By PrivSec Report2020-04-01T14:52:00+01:00

No comments

New research from cloud and hosting services provider, IONOS, has found that 44% of IT decision makers (DMs) in the UK don’t have a comprehensive understanding of the US CLOUD Act, ultimately putting their data at risk.

The survey, which polled 500 UK IT DMs, explored the industry’s understanding of key data legislation, attitudes towards data storage and cloud services usage.

The US Clarifying Lawful Overseas Use of Data known as CLOUD Act has been a controversial topic since it was passed by US congress in 2018, and even more so since the US and UK signed the CLOUD Act agreement almost six months ago. One key element of the legislation gives US law enforcement authorities the power to request data stored by most major cloud providers.

However, almost half of UK IT DMs (47%) are not actually aware that US cloud hosting providers may be required to disclose customers’ data under the legislation, stored inside or outside of the US, irrespective of GDPR rules.

In contrast, and highlighting the dominance that GDPR has taken in the attention of IT decision makers, 92% of respondents claimed to now have a comprehensive understanding of the EU regulation. While questions have been raised about changes to the legislation post-Brexit, UK businesses must continue adhering to GDPR throughout the Brexit transition period. It’s also expected that the government will include GDPR within the existing UK Data Protection Law so it continues to be enforced after the transition period ends on the 31st December.

Surprisingly, when also questioned about what data businesses store in the cloud, 54% were willing to store personal customer and employee information, and 50% payment information or payroll and accounting data.

“GDPR compliance has been a key focus for many European and Global businesses since it was introduced, but IT professionals are under pressure to keep up with the constantly evolving data security landscape,” explained Achim Weiss, CEO at IONOS. “The US CLOUD Act adds another layer of potential misunderstanding for those hosting with US cloud providers. The only option to immediately minimise risk for EU businesses is to choose European providers that only follow GDPR.”

“What’s also obvious from the findings is that there’s a clear inconsistency between businesses wanting to prioritise data privacy and security, and the actual reality of the situation. As an industry, there’s a vital need for education around storage best-practice, and ongoing knowledge-sharing around how changing legislation could impact data storage for UK businesses – especially during the current Brexit transition period,” Achim concluded.

Topics

No comments

Article
US utilities struggling to meet demand of energy-thirsty AI

2024-04-19T11:53:00Z

In the US, demands for power are outstripping availability as energy-thirsty technologies such as generative AI pile pressure on national electrical systems.
Article
Banks poised for increased risk due to AI

2024-04-19T09:06:00Z

A leading banking regulator has issued a stern warning over the risks that financial institutions face as they move to integrate artificial intelligence (AI) and machine learning (ML) into governance operations.
News
Chicago Gears Up for GRC Connect: Sharpen Skills, Network, and Navigate the Future of GRC

2024-04-15T11:39:00Z By Jonathan Sumner, Chief Digital & Marketing Officer, GRC World Forums.

Get ready, Chicago! GRC Connect kicks off tomorrow, bringing together the brightest minds in governance, risk management, and compliance (GRC) for two days of insightful learning, valuable networking opportunities, and expert guidance on navigating the ever-evolving GRC landscape.