Quick Hits
- Data residency is the physical location where a business stores its data.
- Data residency requirements are based on the local regulations that determine how residents’ information is gathered, processed, and stored within a country’s borders.
- TokenEx has Microsoft Azure data centers in three countries to support global data processing.
What Is Data Residency?
Data residency refers to the specific geographic location where a business stores and processes its data, typically for regulatory purposes. The data regulations of the country where data is stored dictate how and where this information is stored, processed, and handled. Depending on its data, legal, and tax requirements, an organization may need to store and process data either locally or abroad in another country. If a company’s sensitive data is moved to a new country, this can change the data residency laws that the data is subject to.
Data Residency Requirements
A company’s specific data residency requirements depend on the local data regulations that dictate how citizens’ data is gathered, cleaned, processed, and stored within that country. Businesses need to fully understand and follow these regulations for local users. Additionally, companies can transfer data to another country if they first meet local data protection and privacy laws and receive consent from users. Reference the guidelines below for achieving data residency compliance:
- Identify where your sensitive data is created and stored.
- If data is stored in various locations, keep a copy of the original data stored in the country of its origin.
- Secure users’ data before moving it to a new country by using a data security solution like encryption or tokenization.
- Protect users’ data by storing encryption keys locally to prevent third parties like hackers and governments from gaining unauthorized access to the data.
- Always keep backup copies of users’ data and store them securely.
- If you use the cloud, know how and where your data is stored and ensure the cloud hosting partner meets all privacy laws your information is subject to.
- Know which governments have access to your data and what those governments have access to.
Where Does TokenEx Store Data?
TokenEx has data centers in the United States, Ireland, and the Netherlands. Offering three locations helps our clients meet their local data residency requirements while securing their data from theft. In turn, this helps our clients stay out of scope regarding data compliance laws, such as the following:
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- General Data Protection Regulation (GDPR) in the European Union (EU)
- General Data Protection Law (LGPD) in Brazil
Microsoft Azure Cloud
Aside from physical locations, it’s equally important to know how data is stored. At TokenEx, we store data securely via Microsoft Azure. Microsoft Azure is a top cloud service provider that offers data residency options worldwide. Like TokenEx, Microsoft’s data policy indicates that users maintain full ownership of their data. This includes personal and business data hosted and stored on the Azure cloud.
With our vaultless TokenEx technology, none of our clients’ sensitive data is permanently stored outside of clients’ internal environments. Our cloud storage solution can be beneficial for clients that cannot permanently store data in the regions where we have a presence (e.g., the US or EU) but still need to comply with local data regulations.
For example, the Reserve Bank of India (RBI) requirements state that cardholder and transaction data cannot be stored permanently outside India. If a client uses our vaultless technology, none of the cardholder data is stored; instead, it is temporarily transmitted to be tokenized. Further, clients in India must use network tokens because the card networks are the only entities allowed to store data outside of India.
To meet these needs, the TokenEx API connections allow clients to use network tokens to process card payments without permanently storing data outside of their countries. Additionally, TokenEx can manage the relationship between clients and the card brands, thus allowing clients to use network tokens without directly building payment integrations with the major card brands or increasing PCI scope.
Why Is It Important to Use Secure Data Storage Locations?
No matter what type of sensitive data you store, process, or handle, it’s very likely that you will need to adhere to specific data privacy and residency requirements that vary by location. Sensitive data can include everything from cardholder data to personally identifiable information (PII). If such laws are ignored, businesses can face legal and ethical consequences in one or more geographic locations.
Cloud Data Storage Challenges
You may want to use third-party services to meet your customers’ needs. It’s essential to determine your customers’ data residency requirements, which may conflict with how a third party stores, manages, processes, and accesses data. If a conflict exists, an alternative will need to be found that is compliant with local residency laws and meets customers’ needs.
Another issue businesses face is where to host their data, as some countries do not always have data centers. Thanks to major cloud providers like Amazon Web Services, Microsoft Azure, and Google Cloud Platform, it is easier for businesses to securely store user data in the cloud. Specifically, data can be stored in the data centers closest to users.
Conclusion
In addition to utilizing secure data locations, businesses must also prioritize data security. While there are countless solutions, one solution that is effective and flexible is tokenization. Tokenization is the process of replacing original data with randomly generated algorithms that are unique to each piece of data. However, these tokens do not represent any of the actual data, making them useless to threat actors on the hunt for valuable data to steal or expose. Indeed, TokenEx can help your business store, transfer, and process sensitive data, maintain compliance with data residency laws, and help prevent legal and security issues.