When a Government Deliberately Stores Data Outside the Country

As cloud computing develops and providers multiply their data centres, physical location of data has become an important issue for many organisations. Their goal has often been to prevent storage of confidential data outside their national boundaries. The risk of a data breach is considered to be too great, especially in the wake of the Snowden revelations and CSA snooping saga. In some industries such as medical or financial, regulations may simply prohibit the use of data storage facilities abroad. Yet one national government is taking the opposite approach and making foreign facilities a part of its disaster recovery plan.

Estonia, a Baltic state with a population of just over 1.3 million people, has already used its own embassies to hold duplicates of information and registries. However, secure storage requires both investment and space, and its embassies in other countries have limited resources. The government now plans to extend storage to space in secure data centres in countries that are Estonian allies. The concept is that in the event of a national crisis, recovery will be faster and surer.

Whether or not other nations adopt such a policy remains to be seen. There may be a correlation between this seemingly daring move and the reputation Estonia has for being the most ‘wired’ (greatest degree of Internet access) country in Europe. Among other cyber activities and developments, Skype software was created by Estonian engineers and is still largely developed there. Meanwhile, other countries and the organisations within them are still coming to terms with the openness of cloud computing compared to the restrictions on storage and movement of data. Will regulations like Sarbanes-Oxley or HIPAA, or other countries like Australia, Germany and New Zealand (all with strict rules about data storage locations) become flexible enough to accept trans-border data storage? We’ll have to wait and see.