The journal Financier Worldwide recently published a panel discussion on the topic, “Managing Risk in International Data Transfers.” Panelists included Nina Bryant, Ben Crew and Wajdi Kharrat from data discovery and governance software maker FTI Technology; and Claude-Etienne Armingaud of the law firm K&L Gates LLP. From the start, the issue of “how to share data effectively while maintaining compliance with the increasingly complex network of global data privacy laws” dominated the discussion.
The World Still Runs on Files
The world still runs on files, and in a global economy where sharing data, often across jurisdictional borders where prevailing regulations can vary widely, the challenges associated with secure and reliable data transfers are daunting. If it were a matter of merely attaching an encrypted file to an email and hitting send, or dragging a file to a cloud-based file sharing facility for a customer or business partner to retrieve it wouldn’t be much of a problem. We could all treat file transfers like sending photos of Junior’s birthday party to grandma and worry about bigger matters. But it’s not that simple.
Data transfers—and especially cross-border data transfers—are subject to a lot of important regulations as well as organization-specific standards that must be complied with at risk of fines and loss of business. Armingaud summed up the situation when he said, “A global economy, with data being the fuel for that economy, means that globalized data is unavoidable. This tendency is in particular driven by more and more jurisdictions adopting rules on data transfers of personal data.
“Cross-border data transfer trends could be roughly described as, on the one hand, a Western trend, for example the EU’s General Data Protection Regulation (GDPR) aimed at data protection and restriction of transfers, in particular contractually framing personal data transfers, and, on the other hand, an Eastern data protectionism trend, such as China’s Personal Information Protection Law (PIPL) and Indonesia’s data protection laws and regulations, aimed at a general restrictive data localization requirement, which may be linked to a broader concept of data sovereignty.”
Compliance is No Small Undertaking
Even in the United States, which does not have a single federal regulation dictating how private data must be collected, secured, managed, and shared, the rules can be complex with each of the fifty states setting their own rules. As Crew said, “Maintaining compliance with the labyrinth of laws in place… is no small undertaking.”
When asked how organizations can ensure that their data management and transfer policies are in keeping with the various regulations, the panel recommended a third-party assessment to examine actual practices and to evaluate them in light of the laws that apply. “It is critical to have robust third-party risk management in place and mechanisms to enforce compliance across all an organization’s jurisdictions and third parties,” Crew said.
Encrypt and Audit
When asked about the tools that organizations should use to support their compliance efforts, the panel was in agreement that encryption and audit should be the underpinning of any data transfers.
“Encryption is critical when data is being transferred,” Kharrat said. “It should also be utilized at every stage of the data lifecycle to provide the strongest possible protections for sensitive and personal information.”
Armingaud added, “If I were to offer only one word of advice, it would be to ‘document.’”
If we may be so bold, Coviant Software’s Diplomat MFT family of secure managed file transfer software products fit the bill these data transfer experts describe. Specifically, Diplomat MFT:
- Automates the encryption of files in transit using the PGP encryption standard;
- Automates the capture of audit data, documenting your workflows to prove compliance;
- Automates the fetching and sending files on whatever schedule required, minimizing the occurrence of human error;
- Simplifies the creation of essential data transfer processes with a no-code approach to workflow building;
- Notifies, via your medium of choice, should any issues disrupt your data transfer; and,
- Supports integration of popular cloud storage providers like AWS S3, Google Cloud Storage, and Azure Blobs/Files.
Streamline and Secure with Diplomat MFT
If you need to streamline and secure your data transfer processes, why not take a look at the award-winning Diplomat MFT? You can download a free trial of the software to try it for yourself, or you can schedule a demonstration where one of our experts will not only show you how Diplomat MFT can do the job, and answer your managed file transfer questions. Coviant Software would be happy to be your partner in secure, reliable managed file transfers.