British firms must still adhere to UK data laws if they use technology providers that store their business data abroad, an expert has advised.
Bridget Treacy, partner at law firm Hunton & Williams, explained that the Information Commissioner will soon have the power to impose severe penalties for breaching the Data Protection Act, so firms that outsource the responsibilities for their business lists should comply with domestic regulations.
“If a company was totally cavalier about transferring data abroad, that’s likely to be a breach of the transfer principle and might well result in a monetary penalty if the data were at risk,” she said.
Ms Treacy added that the use of cloud computing systems could also pose a risk to data safety, because information will be able to be accessed from multiple jurisdictions.
A report published last month by the European Network and Information Security Agency found that improper mechanisms for separating customers’ data can compromise business security and expose firms to the possibility of legal action.
Posted by Matthew Collins, Technical Director IT Data Cleaning, Hygiene, Analytics, Databases