The beauty and evil of cloud computing lie in the varying data privacy laws that different countries operate by. Without a clear grasp of what laws are in force, organizations are naturally hesitant in deploying cloud services delivered from data centers offshore.
Take Hong Kong and China for example. Cloud service providers have been hearing customer concerns regarding a potential 'seizure' of data that resides in Hong Kong data centers by the Chinese government for various reasons. Guided by such misty (and untrue) preconceptions, one can imagine how much business was lost due to the confusions about the application of data privacy laws.
Those who are familiar with the legal frameworks of Hong Kong and China will be able to tell this is impossible. Put it simply, under the "One Country Two Systems" principle, Hong Kong essentially operates in a legal jurisdiction that is totally separate from that of China.
Nonetheless, cloud service providers and potential cloud service customers will welcome a clearly worded position paper from the Hong Kong government, which clarifies the ownership of data between the Hong Kong Special Administrative Region and the People's Republic of China.
Viewing this with a wider scope, there are key influencers of data privacy laws that regulate trans-border data flow, such as the European Union's privacy regime, or the APEC privacy principles here in Asia. According to Thomas Shaw, Asia-based Attorney at Law and CloudRisk Asia's CEO, "this area is very dynamic and requires up to date knowledge before any analysis is undertaken."
In this last part of the interview with Asia Cloud Forum, Shaw guides us through the different data privacy laws that are in force in several key economies today, and what actions organizations can take to protect their corporate data from government seizure, such as in the name of 'terrorism.'