Intralinks Builds Second DC to Keep Customer Data Secure Behind German Border

Intralinks Builds Second DC to Keep Customer Data Secure Behind German Border
Tweet
The tendency for our world to get smaller may have reversed itself, if just temporarily, in 2016.  With Great Britain preparing to get ready to start the initial beginnings of a first phase of an initiative to leave the European Union, and with the United States wasting no time building its bridge to the 20th century and beyond, Frankfurt, Germany-based SaaS collaboration provider Intralinks announced Wednesday its intent to build a second Frankfurt data center facility to help its clients navigate this rapidly growing world.
It’s no initiative, or even the beginnings of one.  As Intralinks CTO Richard Anstey told Data Center Knowledge, it’s an effort to enforce the underlying connections between applications and customer data, in such a way that personally identifiable data never actually crosses borders into potentially dangerous foreign territories.
Logical Location
“Organizations that store and process personally identifiable information (PII) pertaining to E.U. citizens must follow a detailed set of rules, or face fines of up to 4 percent of global turnover (if their failure to follow the rules results in a breach of privacy),” Anstey told us.  “The Intralinks Trust Perimeter is a set of controls, both technical and legal, that will help organizations to satisfy the regulation — especially when their business process requires them to share information beyond their own organizational boundaries.”
It’s an intriguing system that takes advantage of an emerging definition in European law, as Anstey explained to us, regarding the location of encryption.  Common sense might tell you that encrypted data housed on servers located in a country, is effectively hosted in that country.
But common sense and European law are two concepts often separated by a variety of common languages.  In this case, said Anstey, there is an emerging split between the concepts of logical location and physical location, the latter becoming more and more irrelevant from a legal perspective.
“The logical location is defined as the point of control of encryption,” said the CTO, “and some (including Gartner) have stated that this is the definition of location that will become more important over time.”
Under the terms of the E.U.’s General Data Protection Regulation, each member state is independently responsible for enforcing the directive, by means of its own data protection authority (DPA) .  It’s the DPA that has the authority to impose fines.  But because Internet data may cross many European state boundaries, it may come under the scrutiny of several DPAs along the route to its final destination.