Showing posts from April, 2020

How to manage global data under CLOUD Act governance

This post was also published with the Industry Association of Privacy Professionals. It’s common knowledge that the U.S. government, with a subpoena or warrant, can compel companies to disclose data about companies and individuals. All governments have some type of legal capability to request data from information providers. What is surprising to many, even those of us in IT, is that with the 2018 Clarifying Lawful Overseas Use of Data Act , the U.S. government can compel a U.S. company that is hosting data in another country to comply with such information requests. For example, if a Malaysian company is hosting data in Amazon Web Service’s Singapore region, Amazon will have to comply with U.S. subpoenas and warrants to disclose the data. The CLOUD Act was passed to amend the Stored Communication Act of 1986, after Microsoft took a case all the way to the U.S. Supreme Court to not disclose data that was stored on a Microsoft server in Ireland. There are also similar laws in other c