Lack of Understanding of US Legislation Putting UK Business Data at Risk

Written by

UK businesses could be putting customer data at risk by having a low understanding of important data protection legislation. Research from IONOS has shown that 44% of IT decision makers in the UK do not have a comprehensive understanding of the US CLOUD Act. In contrast, 92% had a comprehensive understanding of the EU’s General Data Protection Regulation (GDPR).

The survey included 500 UK-based IT decision makers, analyzing their knowledge of key data legislation, attitudes towards data storage and cloud services usage. In particular, it highlighted a significant lack of understanding of the US CLOUD Act, passed into law in 2018. Among the provisions of the Act, it gives US law enforcement agencies the power to request data stored by most major cloud providers. Around six months ago, the UK and US signed the CLOUD Act agreement, making it applicable to UK businesses.

The study revealed that 47% of the IT decision makers were unaware that, under the legislation, US cloud hosting providers may be required to disclose customers’ data to US officials. This applies regardless of whether the information was stored inside or outside of the US, and is irrespective of GDPR regulations.

“GDPR compliance has been a key focus for many European and global businesses since it was introduced, but IT professionals are under pressure to keep up with the constantly evolving data security landscape,” explained Achim Weiss, CEO at IONOS. “The US CLOUD Act adds another layer of potential misunderstanding for those hosting with US cloud providers.”

Surprisingly, a high proportion of those polled were willing to store sensitive information in the cloud, including personal customer and employee details (54%) and accounting data (50%).

Weiss added that much more education around the US CLOUD Act as well as storage best-practice is required for UK businesses to ensure their data is safe and secure.

What’s hot on Infosecurity Magazine?