Russia Data Privacy Laws
Data Privacy Laws & Cloud Adoption in Russia
Russia is the latest country to pass stricter data residency requirements in order to protect their citizen’s personal information. Earlier this week, the State Duma of the Russian Federation passed the new law that impacts any foreign cloud service Russians use. It requires those services to store all Russian citizen data within the country – meaning any cloud services that will house personal data of Russian citizens must have physical servers located within the Russian Federation. Regulated data will not be allowed to leave the country’s borders without meeting strict requirements.
President Putin signed the bill into law on July 21, 2014 and the lower chamber of Russian Parliament passed legislation making the new law effective September 1, 2015. Enterprises must begin to put processes and systems in place to become compliant with these new standards – or risk business disruption if their IT systems become blocked/restricted by Russia’s state telecommunications agency. Many countries are passing similar cloud data security laws in response to news of government online surveillance (Edward Snowden) and other unauthorized access. Enterprises are therefore seeking out innovative and practical ways to address these new residency/sovereignty requirements.
Satisfying Russian Data Privacy Requirements via a Cloud Data Protection Platform
One solution organizations are increasingly utilizing to address stricter residency laws is called a Cloud Data Protection Gateway. These Platforms allow enterprises and government agencies to replace regulated or sensitive data with a token before it goes to the cloud. When using tokenization, sensitive data never leaves the organization’s control – making it particularly useful for enterprises operating in countries with strict data residency and sovereignty laws such as Germany, Australia, Canada, China and Switzerland, and now Russia.
Read more about tokenization on our website or download our whitepaper International Privacy Laws,which addresses various laws and regulations around the globe that enterprises need to navigate as they make their move to the cloud.
Data Privacy, Laws & Regulations
The Blue Coat Cloud Data Protection Gateway lets Russian enterprises define their data protection policies to ensure that sensitive data is appropriately secured and protected in cloud applications. Authorized data security administrators can select, on a field-by-field basis, whether to allow a data going to the cloud to remain in clear text, to be encrypted, or to be replaced with a token. The data in the cloud is either tokenized or encrypted so it is meaningless when viewed in the cloud, and organizations can be confident that their sensitive data is within their full control at all times.