A new data privacy law passed by Russian parliament on July 4th, 2014 requires that Internet companies store the personal data of Russian users inside the country’s borders. This move will make it easier for government officials to keep tabs on their citizens. Members of Russian parliament have defended the bill as a measure to protect Internet users in the country whose details are often outside the county.
The new law requires that companies doing business in Russia open data centers inside the country by 2016 or face being blocked; a number of high-profile companies including Twitter have no local presence, and it’s unclear whether Russia’s move will spur any action. The country has already shown a willingness to block sites that don’t meet its guidelines, and recent demands that bloggers register with government officials have tensions over internet freedom running high.
As more and more countries consider their data privacy laws, it is becoming more and more important that companies first know where there data resides consider a plan on how to maintain better ‘control’ of it.
Therefore, the first step is to audit and understand what personal information your enterprise collects and holds, how it collects and holds it, and what it does with it. Since privacy law is all about personal information in records, and those records are almost always on computers these days, your information audit will necessarily focus on the servers, desktops, phones, pads, notebooks and cloud services that power the business, and the people who use them.
Secondly, to complying with typical Privacy Act’s demands, your organization must know what data is being hold, understand what you do with it, and are transparent with the outside world about those things, somebody needs to take charge of the data audit. At the same time, it is important to survey the staff about the records they need to capture, and why. If there are substantial data of personal information disclosed by the audit that aren’t explained by any need reported by the team, you may have identified data that’s unnecessary, and the Privacy Act has something to say about collecting or retaining that.
Data privacy laws are gaining popularity with world governments and it might be prudent if all organizations were proactive in its response to these forms of regulations.Tags: data, law, privacy