Last month’s European court ruling striking down the sharing of data between the European Union (EU) and United States under the Safe Harbor Act makes it more difficult for a company to send user data to the U.S. This is the latest in a long line of data privacy-related roadblocks with which global organizations are grappling. While companies regularly send materials, products, and data across national borders while doing business internationally, each of those national boundaries invokes different laws and regulations governing how those companies can handle the data their business requires. And in the age of Edward Snowden and breaches like the Sony hack, these organizations are having to conduct their business in an atmosphere of growing distrust and regulatory scrutiny.
So how does an international business overcome these regulatory hurdles without hindering its speed to market? German life sciences company Leica Microsystems, a developer of cutting-edge microscopes and scientific instruments found in medical clinics, classrooms, and laboratories around the world, is one such business facing these challenges. The company’s Intellectual Property (IP) is one of its most valuable assets, yet it also must consider how to protect highly regulated data like sensitive medical information, along with employee and customer data. This is difficult enough for a company operating in a single country – but Leica Microsystems has a presence in more than 100 countries. Their IT team had to come up with a data protection strategy that ensures their valuable data stays safe, while also meeting a range of differing, and sometimes conflicting, global privacy requirements.
For many organizations, this might mean setting up separate IT systems to manage data in specific regions. This approach lets the business meet residency regulations that require data not cross national boundaries, or in some instances, not be accessed by someone of a different nationality. With global organizations, this is a headache, since it creates silos of data and also means that limited IT resources must be spent duplicating efforts across the organization. And the larger the business’ geographical footprint, the more duplication that must occur.
Leica Microsystems took a different approach to managing data globally. With 4,000 workers, many of them remote, and a relatively small IT team, they had to be able to centrally manage data protection, while also having the flexibility to meet data residency requirements. Because of this, Leica Microsystems developed a data protection strategy that ensures their data management continues to meet compliance requirements as the company grows and moves into new geographies.
Partnering with Druva, Leica built a single, adjustable process to meet their global needs. Storage nodes are spread across the world, and with delegated administration the company can ensure that only employees in specific regions can access certain data, such as a German citizen managing the data for German employees. This also allows them to turn on privacy flags to protect human resources data in some countries or to allow only a legal administrator access to data related to an inquiry. This adjustability lets them meet strict privacy needs in one country, while taking advantage of capabilities in another. For example, German law prevents the tracking of employee devices. As a result, Leica Microsystems disables this functionality for its German employees, but employs it in the U.S., where it’s a key part of their strategy to deal with lost or stolen devices.
This adjustability not only lets their teams manage data with the flexibility they demand as a global company, it also allows them to reduce the core resources required of their IT team. Even basic tasks like device replacement are designed to minimize IT involvement. Spare devices are stored at central locations, and when a replacement is needed, the employee only needs to take a new device, log into inSync, and restore their data. By delegating specific roles and regions to the appropriate personnel, the IT team itself is freed up to focus on more strategic initiatives to move the business forward.
As the number of data breaches in the news continues to increase, Leica Microsystems can rest easy knowing its data is not just protected – it’s also not crossing regional boundaries and is held in a way that meets a web of data regulations stretching across the world.