Geofencing is a term familiar to marketing folks, as it’s mostly used to describe the process of sending targeted notifications and ads based on a user’s real-time location (for example, seeing an ad or getting an SMS notification about a major sale when in the store’s vicinity).
In data security and archiving, however, geofencing is used to improve data protection by establishing a virtual boundary around a real-world geographical area and keeping the data stored in the given region/location.
For organizations in regulated industries, particularly in healthcare, government, financial services, or education, the transition from on-premise systems to cloud has been slower than in other verticals.
This is because these companies handle a lot of sensitive, protected, and personally identifiable information, and there are factors like compliance and regulations at play. It was simply easier to control this data when it was sitting on local servers.
This is precisely why, when working with cloud vendors, these organizations require the implementation of additional security measures.
- The cloud system needs to meet the requirements of data protection and privacy laws like the GDPR, CCPA, LGPD and others.
- The cloud system needs to have relevant security compliance certifications and be designed in a way to adhere to the principle of “least access privilege”.
- The solution needs to contain security features like two-factor authentication and encryption of data in transit and at rest.
- The vendor needs to guarantee durability and data availability. For instance, AWS, as the highest-rated cloud infrastructure services provider in Gartner’s MQ, guarantees 99.999999999% durability and 99.9% availability.
Geofencing Benefits: From Data Localization to Minimal Data Exposure
Let’s explore some of the biggest advantages of geofencing in data archiving.
Data localization and data residency
As we explained earlier, geofencing involves establishing virtual perimeters around a specified geographic area (typically a country or region).
These controls can contribute to data security through data localization or data residency – the practice of storing and processing data within the defined area so that it remains (or “resides”) within the designated boundaries at all times.
This helps to comply with local data protection laws and gives organizations a greater control over their data while ensuring efficient access and retrieval of the archived records.
Data localization is implemented by establishing data centers and server infrastructures within a given region.
Data sovereignty
Similarly, data sovereignty refers to the idea that digital data is subject to the laws and regulations of the country where it is stored.
For example, when data is physically located in Germany, the German government will have jurisdiction over it and can regulate the collection, storage and processing of that data and can enforce all its data protection policies over it.
With geofencing, organizations can control sovereignty over their data. When it’s necessary to limit the transfer of data from one country, region, or jurisdiction, geofencing prevents unauthorized data transfers or access from outside the specified area.
It ensures that data remains within the organization’s jurisdiction, reducing the risk of potential legal and compliance issues.
Regulatory compliance
Speaking of data localization laws by country, there’s little global standardization in terms of data privacy and cybersecurity. In Europe, however, an EU-wide law was enacted in 2018 – The GDPR (General Data Protection Regulation). The UK has a similar Data Protection Act.
In the US, there’s no federal law that would regulate data privacy, data breach notification deadlines, and information security.
The first US state to enact a data protection law was California in 2020 (The California Consumer Privacy Act – CCPA), while 4 other states (Virginia, Colorado, Utah, and Connecticut) are in the process of introducing similar state laws.
In all other US states, the cybersecurity and data privacy landscape consists of a combination of federal laws and state legislation specific to various industries, each with different extents and areas of jurisdiction.
Logically, geofencing is emerging as an efficient tool to enhance data protection and prevent interception, data breaches, and unauthorized exposure.
Minimal Data Exposure
Finally, geofencing reduces the risk of unintentional data exposure. By confining data storage and processing to a single country or region, the organization can minimize the potential attack surface, as data is not spread across multiple jurisdictions. This way, you can reduce the chance of data breaches and unauthorized access to archives.
All in all, geofencing can be viewed as an important part of an organization’s data security and information governance strategy. For businesses and organizations in regulated industries, geofencing acts like an additional layer of protection and gives IT and compliance teams greater control and confidence in safeguarding the sensitive data in strictly regulated environments.
Jatheon’s cloud archiving solution is built on AWS, and fully scalable using 22 AWS microservices. It’s also multi-zone redundant, with geofencing options around the world.
To learn how your organization can scale data archiving with Jatheon, get in touch with us or book a demo.
FAQ
What is an example of data localization?
Data localization means that you should keep the data in the same region or country where it originated from. For example, if an organization collects data in Spain, then they would need to store it and process it in Spain, rather than have it cross country borders for storage and processing.
What is the difference between data localization and data residency?
Data localization refers to the requirement that all the data that was created in one country needs to remain within that country’s borders. Data residency refers only to the geographical location of the stored data.
Does GDPR require data residency?
Yes. According to the GDPR, all the data that has been collected from and about EU citizens needs to be stored in servers located in EU jurisdiction (or in countries which have signed contracts with the EU with equally rigid controls for data processing.
What is data transfer vs. data localization?
Data localization refers to the location where the data is stored. Data transfer refers to the possibility of data to be moved and disclosed outside the borders of a country or region. The transfer of personal data across the EU’s border is regulated by GDPR articles 44-50.
