Location, Location, Location
The address of your corporate office might be the first thing that comes to mind when you think about your company's location, but should you also be similarly concerned about the location of your computers? Maybe one day in the future there won't be any discussion around the location of the computer. After all, who knows where the SABRE airline reservation computers are located? But until then there are real and perceived issues to be confronted. Many factors must be considered when making these decisions, including data privacy laws, networking predictability and performance, the political stability of the region, and the security and robustness of the facility. All these factors must be taken into account. In this chapter, we discuss the issues and some of the technical solutions being pioneered to allow users to choose the location of the computers, whether it's right next door or 6,000 miles away.
The Law
Let's start by considering international data privacy laws. Multinational firms that handle employee and customer data in Europe are finding it increasingly hard to quickly roll out new applications because of data privacy laws mandated by the European Union (EU). Across Europe, corporations must now pay a visit to the local data protection authority to disclose how marketing, human resources, financial, and healthcare data they collect is being warehoused, processed, or transported in or out of the EU. Moreover, these firms have to seek permission from worker-based organizations known as works councils to start new IT projects. Each of the 15 EU countries has adopted, or is in the process of adopting, slightly different provisions to satisfy the EU privacy directive issued in 1998 to promote harmonization of data privacy regulations.
European-based businesses acknowledge they must plan further in advance than they used to for IT projects. U.S. operations have to be sure they are abiding by European laws if they receive data on European subjects. The EU won't let data go to locations deemed to have inadequate data privacy laws, such as not giving European citizens the right to give consent for how data is shared or processed.
Some view the United States, with its freewheeling marketing practices, as generally inadequate in data privacy protection. At one point, it seemed possible that the EU might not allow citizen data to be transported to the United States. However, the EU and the United States reached a compromise with the so-called Safe Harbor agreement.