Data Has Borders: The New Rules of Compliance - Episode 216

Data compliance isn't just about protecting information anymore — it's about understanding where your data lives, how it moves, and how to stay compliant across borders. On this Episode of Compliance Unfiltered, The CU guys chat about how with regulations evolving faster than most organizations can keep up, knowing the difference between traditional data security and the new legal landscape is crucial. This episode uncovers why geographic location, data sovereignty, and continuous visibility could make or break your compliance efforts in today's complex data environment.

Episode Transcript:

Adam Goslin:
Especially the stories about compliance hurricanes, generically, of course. We don’t want anybody violating any NDAs or anything along those lines.

But if you can generisize it and share your pain, there may very well be things that people are experiencing that others are as well. So both the pain and any insights, oh my God, yeah, that’d be great.

Todd Coshow:
Absolutely. Reach out at complianceunfiltered@totalcompliancetracking.com.

Well, Adam, today we’re going to talk about data. That’s right, the rules have changed. And I think it’s important that we have a chat about it.

Does your company actually know where all of its data lives right now? Tell us more about this.

Adam Goslin:
There’s a lot of organizations that don’t really. They got a general idea, etc., but they couldn’t put their finger on, “This data’s here and that data’s there, and these are the processes.” It’s extremely complicated.

There’s a lot of organizations that, quite frankly, haven’t put all of those pieces together. It’s certainly an onerous task for any organization.

Todd Coshow:
There’s definitely a shift in data regulations. Fundamentally, what is changing in data compliance right now?

Adam Goslin:
It’s not just about securing. A lot of people historically would think about protecting their environment and making sure they’re in compliance with fill in the blank, and just about protecting whatever it is that they’re responsible for protecting. That’s morphing.

It’s turning more toward where is the data, how is it being used, who accesses it, for what purpose are they leveraging it, etc. There are a lot of rules, regulations, really legal agreements between organizations that govern the data access and usage. So it becomes very important to organizations to be able to have their finger on that pulse, if you will.

Todd Coshow:
Why is geography suddenly so important?

Adam Goslin:
Data is subject to the laws of the country or regions where it resides. There’s different rules and penalties. You’ve got agreements that you’ve made with different organizations. So there’s a myriad of layers that play in, but certainly where it’s at plays into it as well.

Some organizations care about where their data resides, aka what country. Some don’t. So it gets extremely complicated very quickly, if you will.

Todd Coshow:
That makes sense. What is driving this?

Adam Goslin:
Globally, privacy laws have been popping up. We’ve been seeing it just in the US. In the US, we’ve got certain states that decide to put out certain edicts around privacy laws. California, namely, was the lead in terms of privacy law within the US. But the minute that they did it, now you’ve got different data and privacy laws picking up from different states within just the United States, let alone when you take it up to a federal level within the US.

There’s other rules. Once you get international, countries have their own. So it’s a landscape that’s getting really complicated. It’s starting to remind me a lot of some of the complications that organizations would have with breach notifications. There were organizations that specialized in breach notification because of all of these layers of complexity.

You bring it from the US stage to the international stage.