How Businesses Can Get Proactive About Data Privacy Compliance

Businesses must design their digital infrastructure to ensure they’re ready for whatever regulators do next

Ana Maria Ordonez
How Businesses Can Get Proactive About Data Privacy Compliance

Regulations governing data privacy are complex and ever-changing. Places like the European Union and Canada have traditionally taken the lead on passing stringent laws covering the collection, storage and management of personally identifiable information. These regulations can be challenging to comply with, but they at least give businesses a sense of what to expect. In the United States, things haven’t always been so straightforward.

Lawmakers in the U.S. have thus far declined to pass a federal data privacy regulation, which has left individual states to step in and create privacy legislation of their own. With the potential for different requirements to pop up in different states, just keeping track of them all may seem like a full-time job. With so many businesses feeling overwhelmed, it’s no surprise that a thriving compliance outsourcing sector has popped up.[1]

Physical infrastructure at software speed: An infrastructure optimization guide

In this guide, explore the various solutions that help today’s business leaders solve industry-relevant challenges through an optimized hybrid infrastructure strategy.

Download Whitepaper
Server room colocation or colo with several cabinets, server, switches and gateways.

In many ways, we are living in the “Wild West” era of data protection laws: governments around the world want to show they can keep their citizens’ personal data safe. However, it’s not always clear what, if anything, they can do to hold companies accountable for placing customer data at risk, especially when those companies operate across borders. If it feels like regulators are making things up as they go, that’s because in many cases, they are.

The CPPA holds important insights about the future of data privacy laws worldwide

A perfect example of the improvisational nature of data privacy regulations is the new California Privacy Protection Agency (CPPA), a kind of “privacy police” tasked with enforcing the state’s data privacy regulation, the California Consumer Privacy Act (CCPA).[2] Even the names of the CPPA and the CCPA show how confusing data privacy regulations can be for the uninitiated. With so many different four-letter acronyms out there—some of them only one letter different from each other—it’s easy to see why some business leaders get overwhelmed.

When the CCPA first passed in 2018, it was considered a landmark, making California the first U.S. state to pass a regulation comparable to the E.U.’s General Data Protection Regulation (GDPR). The new law was particularly significant because California is home to so many of the big names in tech—companies frequently trusted with massive amounts of customer data.

Some detractors say the California regulations are overly vague, both in terms of what’s expected from businesses, and the potential consequences of failing to comply.[3] The CPPA was formed in part to help address those shortcomings.

The agency is still a work in progress. Its remit is to take the broad information privacy law and turn it into highly focused regulations, which it will then be responsible for enforcing. Exactly how it will do that remains to be seen. Although the agency’s rulings will apply directly to businesses operating in California, they will likely reverberate worldwide. The agency is the first of its kind in the U.S., and its every move will set precedents. Similar agencies exist to help enforce the GDPR in Europe, but the results of those agencies have been mixed so far; they will no doubt be watching California closely to see what they can learn from the successes and failures of the CPPA.

To avoid data privacy troubles, businesses must be proactive

Rather than taking a “wait and see” approach to new data privacy mandates, enterprises should act now to ensure they’re prepared for whatever comes next. Avoiding fines and legal trouble is a valid goal for any organization, but prioritizing data protection makes good business sense regardless of what government regulations are on the table.

Good data collection, storage and protection practices can help keep enterprises safe from real-world data security threats. Falling victim to even a single data breach could have far-reaching implications, including loss of customer trust and damage to brand reputation. With the right approach to digital infrastructure, businesses can ensure they’re ready for whatever regulators throw at them next—and more importantly, ensure they’re serving as good stewards of their customers’ sensitive data.

Keep user data safe with distributed, interconnected digital infrastructure

Today’s enterprises understand that establishing a hybrid multicloud architecture can help optimize the performance, flexibility and cost-efficiency of their workloads and applications. Moving to hybrid multicloud has also played an important role in many companies’ pandemic recovery initiatives. To enable a remote workforce, enterprises had to make their applications and data available to employees across the world, securely and reliably.

For this reason alone, many businesses began to see hybrid multicloud as an attractive alternative to storing data in HQ offices or private data centers. Making the shift to hybrid multicloud requires access to the right cloud providers in the right places. Working with a trusted, vendor-neutral colocation partner that offers secure data centers throughout the world helps make that level of access possible.

In addition, migrating data to the cloud creates data privacy risks businesses must be aware of. Enterprises need to get data to cloud service providers and end users without exposing it to unauthorized access. Businesses are increasingly learning that direct, private interconnection allows them to move data where it needs to go with greater security, performance and cost-efficiency than the public internet.

This growing preference for private interconnection shows up in data from the Global Interconnection Index (GXI) Volume 5. According to the GXI, worldwide interconnection bandwidth—a measure of the capacity provisioned to privately exchange traffic between two parties inside carrier-neutral colocation facilities—will increase 44% CAGR by 2024, ultimately making it 15x larger than the internet.

Storing data in the public cloud is also untenable from a data privacy perspective—to say nothing of the higher costs it often creates. The simple fact is that if you want data privacy done right, you can’t leave it up to the cloud providers. Your data privacy requirements are not their responsibility, so it wouldn’t make sense to leave your data completely in their hands. Instead, taking a cloud-adjacent approach can help you balance the opportunities of hybrid multicloud with the challenges of complex and always-changing data privacy regulations.

Cloud adjacency enables digital infrastructure that’s compliant by design

With a cloud-adjacent approach, enterprises store their data in secure colocation facilities with on-ramps to cloud providers in key locations throughout the world. This allows them to position their data near the cloud, while also keeping it secure within the colocation facilities, away from threats like sniffers or man-in-the-middle attacks. When the need for cloud services does arise, they can temporarily move their data into the cloud, on demand and with low latency. As a result, businesses can unlock the full value of their hybrid multicloud architecture without having to put their data—or their reputation—at risk.

Equinix is uniquely positioned to support your data privacy requirements through cloud adjacency. Equinix IBX® data centers are available in more than 60 metros worldwide, many of them home to public cloud provider on-ramps. Our global footprint makes it easier for you to store customer data in the same jurisdiction it was originally created, even if your business operates across borders.

In addition, Equinix Fabric™ provides remote interconnection services. This allows for secure data transfers from wherever your data is stored to wherever your preferred service provider partners are located. Beyond enabling flexible hybrid multicloud networking, other use cases for Equinix Fabric include data center interconnection on a global scale. By deploying in multiple Equinix IBX facilities and linking the different locations via Equinix Fabric, you can balance your need for globally distributed digital infrastructure with your need for local data privacy compliance in many jurisdictions.

Customers can also use Equinix Metal™, our automated, single-tenant Bare Metal as a Service offering, together with Storage as a Service offerings from top providers like Dell. This allows enterprises to enjoy all the benefits of a cloud-like experience—shifting from CAPEX to OPEX, removing the burden of deploying and managing storage hardware, enabling greater scalability, and more—with none of the data privacy risks of cloud-native storage. These managed storage offerings can be deployed on demand, directly from the Equinix Metal dashboard, at select Equinix locations worldwide.

Cloud-Adjacent Managed Storage Powered by Equinix Metal and Equinix Fabric

The Equinix partner ecosystem also includes global systems integrators that can help Equinix customers accelerate their cloud adoption, including secure cloud-adjacent infrastructure and hybrid multicloud. One example of this is our work with Accenture to support customers adopting Oracle Cloud and Oracle Exadata solutions. Together, we use our combined expertise to help customers define strategies and architectures, execute migrations for mission-critical apps and databases, and mitigate change risks.

To learn more about how interconnected Bare Metal as a Service can play a vital role in creating digital infrastructure that’s compliant by design, read the ebook “Physical infrastructure at software speed”. You’ll get a closer look at valuable Equinix Metal use cases, including cloud-adjacent managed storage.

 

[1] The New York Times, “The Companies Benefiting from Fragmenting Internet Privacy Rules”. David McCabe, December 2021.

[2] The New York Times, “How California is Building the Nation’s First Privacy Police”. David McCabe, March 2022.

[3] The New York Times, “What Does California’s New Data Privacy Law Mean? Nobody Agrees”. Natasha Singer, December 2019.

 

Subscribe to the Equinix Blog