Protecting personal data in the cloud
IBM today announced it has patented the design for a data privacy engine that can more efficiently and affordably help businesses protect personal data as it is transferred between countries, including across private clouds.
Global businesses are increasingly moving personal information such as employee and customer details across borders and around the world. As this continues, the ability to manage data flows between cloud data centers while remaining in accordance with organizational policies and local laws becomes even more imperative. Increasingly, governments are establishing rules that regulate how data may be transmitted from one country to another.
IBM's new patented Data Privacy Engine invention – U.S. Patent #8,695,101 – lets businesses aggregate international and organizational requirements for data transfers and apply them to individual projects. As a result, organizations can quickly see what restrictions have been put in place for different types of protected information when transferring it between two countries, including data stored in a private cloud. The engine also flags cross-border privacy issues and provides recommendations on how to resolve each based on the information the business has input into the engine. In the event underlying privacy requirements change, the engine can be updated to reflect these rules. Users can then notify teams that previously approved transfers may need to be revisited in order to prevent potential violations.
This new privacy engine improves upon manual privacy techniques, which are often executed on an ad hoc basis, requiring additional dedicated support. This model is not only expensive and time consuming, but it is also burdensome as businesses struggle to stay current with the growing number of regulations that may vary from country to country.
"Global businesses today face significant challenges in protecting personal data and keeping up with regulations in an environment where cross-border flows of information are more important than ever," said Christina Peters, chief privacy officer, IBM. "Our new invention provides a privacy technique that could help businesses navigate an increasingly complex landscape and help companies proactively manage risk."
For example, a company working on a project that requires transferring employee data via the cloud from a branch in one country to an office in another could use IBM's patented data privacy engine to identify potential violations. The company's compliance team could then be provided with all relevant details so that it can help the business make sure it is taking appropriate action.
This patent furthers IBM's commitment to helping businesses ensure that their most vital data and assets remain secure. Just last month, IBM announced the industry's first intelligent security portfolio for protecting people, data and applications in the cloud. In addition, earlier this year, the company introduced the IBM Threat Protection System and Critical Data Protection Program to help organizations protect their critical data in an environment where advanced persistent threats, zero day attacks, breaches and the accompanying financial impact on an organization continue to rise.