This week’s blog is from YellowDog’s CTO, Simon Ponsford. Thank you, Simon!
In early December I was asked to complete yet another CTO survey from an online backup provider asking me to select my preferences for data storage location. The obvious candidates were listed: UK, European Union, USA etc. My first thought was that the backup provider was trying to attract new business following the European Court of Justice ruling in October on Safe Harbour agreements. Safe Harbor has been in operation for the past 15 years allowing US service providers to store data outside the European Union in the knowledge that the service provider has signed up to providing the same standards of care of the data as that legislated in Europe. On 6th October 2015 in the case of Maximillian Schrems v Data Protection Commissioner the European court ruled that even if US companies take adequate protection measures, the US public authorities are not subject to the Safe Harbor guidelines. This puts European citizens’ data privacy at risk to US government surveillance, effectively nullifying Safe Harbor agreements that have been the basis of data between the European Union and US based service providers. Due to this ruling, EU based organisations should ensure that all electronic personally identifiable information is stored within the EU.
This doesn’t mean to say storing information anywhere within the European Union is in itself sufficient, organisations are still responsible for ensuring that the data is secure, kept up-to-date and only stored for only as long as is necessary.
When I received the questionnaire my first instinct was to contact the online backup company that had commissioned it and asked to receive a copy of the results in return for completing the survey. Making full use of the “other” option throughout the survey, I responded stating that whilst I understood that a recent ruling meant my business had to store personally identifiable information within the European Union, but if all other things were equal such as performance and security, my choice would be led by the option with the lowest carbon impact. Unfortunately, the environmental impact of datacentre services rarely features on the agenda in most organisations, and whilst there is no definitive guide that can tell you the amount of greenhouse gases emitted per GB of data stored, there are some very useful resources. One of the most comprehensive is a Greenpeace Report called Clicking Clean; whilst this is now a little out of date, published in May 2015, it is still very informative. For example, if you were storing data on S3 in an Amazon datacentre the report shows that if you chose Virginia (US) only 2% of the energy would come from renewable sources, in Dublin (Ireland) datacentre 50% is renewable whilst the Frankfurt, (Germany) the datacentre claims to be carbon neutral – 100% renewable. There are similar examples with Microsoft Azure and Google in the report, both having Ireland based facilities which consume only 10% renewable energy, the remaining 90% coming from Natural Gas and Coal fired power stations. I should point out that data in reports such as these can quickly become out of date. For example, Greenpeace published a similar report in 2012 in which Apple was heavily criticised for its heavy use of fossil fuels at its datacentres, but has since switched to 100% renewable power.
So next time you are thinking about where to store your offsite backup data, you might want to ask your service provider for their green credentials.