What’s the difference between data sovereignty and data safety?
By Protonet Team. Published 13. June 2016.
If you use cloud storage in any capacity, data security may naturally be a concern. Data safety, though, shouldn’t be confused with data sovereignty, despite the two sharing core similarities. Know the difference to ensure the safety of your data while remaining in compliance with governmental regulations.
Data safety
Data safety is practically any step taken you take to safeguard personal or company data. Data safety may include:
- Using Full Disk Encryption (FDE)—Data stored in the cloud could still make its way into your personal devices, such as your laptop or smartphone. FDE encrypts an entire hard drive, including the operating system and applications. Newer devices may already have a hardware encryption system installed.
- Enabling remote wipe—Remote wiping is especially important for mobile devices. An estimated one-third of smartphone owners have reported losing their devices or having them stolen. Whatever data is on the phone becomes vulnerable.
- Passcode wiping—A feature similar to remote wiping, passcode wiping automatically erases data when an incorrect pin is entered a certain number of times.
- Following best password practices—You should be familiar with the drill here: never use the same password for multiple accounts. Be sure the password includes capital and lowercase letters, numbers, and symbols. Passwords should also be changed every three months or so.
These are just a small handful of data safety practices. Other methods include:
Refraining from using Dropbox to store sensitive data
- Using a search engine like DuckDuckGo that doesn’t store your search history
- Hiring an ethical hacker to pinpoint vulnerabilities within your system
- Opting for private, in-house cloud storage
- Communicating via collaboration software instead of unsecured email or social network
Data Sovereignty
Data sovereignty is also about data security, but while data safety are steps implemented by individual companies and users, data sovereignty is regulated at the government level.
Essentially, data sovereignty is a set of laws that govern the rules that public cloud storage providers are required to abide by, in order to define who has control over and access to cloud-stored data. Terms have traditionally stated that digital data is subject to the laws of the country in which it is located.
Many concerns about data sovereignty are about upholding privacy regulations and stopping foreign countries in which data is stored from subpoenaing, accessing or demanding access to it.
One such law is the enforcement of a national cloud system, which countries like Canada, Australia, and Russia have already put into practice. Another example is the Safe Harbor laws in Europe. The law states that cloud services and data storage centers must be physically located within the country in which they operate. This is enacted to prevent foreign governments from snooping, which has become a huge concern amid the Edward Snowden revelations.
Your best bet? Follow data sovereignty laws of your country while implementing individual data safety measures at your company level. This way, you duly protect against data thieves and would-be snoopers of any kind, be they individual hackers or government entities.
