Using the tool, one can quickly determine how various countries stack up against each another in terms of their data privacy standards. Each country has been rated across seven key criteria, covering the breadth of law, EU adequacy, data transfer limitations, government surveillance activities, etc. Leveraging this data, our clients will be able to establish their own data privacy “high watermarks”, ensuring compliance in all locales in which their organisation operates. One such application is in the use of cloud computing. Since the cloud is borderless, jurisdictional-based privacy laws are often a mismatch when applied to clouds. When considering outsourcing to a cloud service, companies should consult Forrester’s Privacy Heat Map to determine, for example, whether their data will be at risk of residing in a country with questionable governance surveillance practices.
While developing the Privacy Heat Map, a number of interesting trends surfaced. Most prominent was the difference between how the US treats data privacy compared with the European Union (EU). While the EU has developed an overarching data privacy framework based on the ideal that privacy is a fundamental right, the United States has taken a largely sector-based approach to its laws. This difference between the two greatly impacts the collection, use, and disclosure of customer and employee data for companies that operate on both sides of the Atlantic. This can also lead to friction between entities that engage in cross-border data transfers[i], as well as between branches of the same company separated by geographic borders.
It is also clear that many countries are undergoing shifts in their privacy legislation, with a trend towards adoption of the EU's legislative standards. There also remain countries with inadequate privacy standards altogether and others which do not properly implement their own standards. For example, 6 out of the 54 countries do not regulate government surveillance, which can lead to rampant and uncontrolled surveillance activities. Additionally, countries like China and Singapore simply have not established privacy regulations sufficient to protect personal data residing within their borders.
Because information is a powerful business asset, it is imperative that modern businesses have the know-how to operate in this increasingly global economy. Forrester sees this Privacy Heat Map as a valuable source of information for our clients and is committed to updating the map on an ongoing basis. As we publish new data privacy research, this too will be accessible directly from the heat map (for example, common questions on EU privacy laws and establishing your own data privacy framework within your organisation). Forrester also provides strategic consulting services to help organisations navigate data security and privacy issues at every step of the information lifecycle.
By Forrester researcher Chris Sherman