You think your data is safe in the clouds? Think again. Not all high-security datacentres are as safe as you think. What may be a calamity-proof or hacker-proof datacentre may not necessarily be authorities-proof.
Governments can have greater powers than the highest-grade security measures datacentres have put in place. All they have to do is show their badge and the datacentres operators are under obligation, by law, to show your data without necessarily seeking your permission.
If you are hosted with a US-owned datacentre, even though your data is stored in their facility in the UK, you are subject to the US Patriot Act.
The US Patriot Act was enacted to combat global terrorism, empowering the Federal Bureau of Investigation (FBI) to obtain information from European companies that store their data in a US-based datacentre, even though the physical location of their datacentre is within the European Union. Further, US-owned but UK-based data centre operators are not allowed to inform you that your data has been handed to American authorities.
Section 215 of the US Patriot Act states:
“SEC.215. ACCESS TO RECORDS AND OTHER ITEMS UNDER THE FOREIGN INTELLIGENCE SURVEILLANCE ACT:
(a)(1) The Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities.”
Are security and privacy major concerns for your organisation? You are best advised to host your data with a UK-owned datacentre.
UK-owned datacentres are obliged to abide by the Data Protection Act (DPA). It prohibits, by law, a hosting company from giving out any of your data to any third party without your consent.
There are international agreements, on the other hand, that allow nations to work with each other in matters that have global impact. This include issues on terrorism and criminal activities. The Mutual Legal Assistance Treaty (MLAT), for example, allows US authorities to cooperate with UK officials to gain access to data within a UK-owned hosting company. However, it will be harder to discreet like the US Patriot Act because of the UK’s Data Protection Act. When the MLAT is invoked, the US embassy in the UK will need to inform the UK government why they want to access data inside a UK-owned datacentre, what and how they want to do it. In effect, the UK datacentre is obliged to inform the data owners that their information are being handed to the government.
Frontier Cloud is owned by a UK-registered organisation. Access to data cannot be surrendered through the US Patriot Act and is protected by the UK Data Patriot Act.
For more information, get in touch with us at firstname.lastname@example.org | 0845 603 6552
Read more News