This is an old revision of the document!
Originally, before the ubiquitious use of neworks and internet, hardware abstraction, virtualization, the explosion in cloud computing, and globalizaton of tech compaines, data protection was relatively easy which a large portion of the Data Protection accomplished through Physical Security. Thess original concepts of Data Protection were greatly expanded to cover Securability. Although, this was an improvement in protecting data from the perspective of the corporation, there was little protection for the end-user (i.e., consumer) from the corporations. Figure 1 represents the widespread nature of Geographic Jurisiction Data Governance. Fortunately, most of the tecg areas such as Cloud Computing, Artifical Inteligence and Big Data have already made adaptations for Geographic Jurisiction Data Governance expecially since it has been mandated by Internation and national Governance and Regulation such as General Data Protection Regulation (GDPR), Data Protection Act 2018, and California Consumer Privacy Act (CCPA).
Unfortunately, most distributed computing platforms (i.e., DIDOs) have done little to address Geographic Jurisiction Data Governance even while the amount of governance and regulation has increased beome relatively mainstream internationally. Some of the 90+ Countries and the various laws are described in detail at the InCountry website3). The InCountry team is constantly updating the site with new regulations and more countries, The following list represents some of the major non-USA countires:
There are three main categories of Geographic Jurisiction Data Governance: data_residency, Data Sovereignty and Data Localization. Usually, these concpets are applied strickly to data storage with an increase burden to store the data in the jurisdiction where the data is created. Basically, it is represents the Data-at-Rest data state, see: 2.3.4.2 State of Data Taxonomy.
The main empasis of Julian Box's article is on Cloud Computing7), however, many of the concerns and issues he raises are pertenant to Distributed Compuing since the data within the distributed solution potentially can reside anywhere, especially with a Permissionless Network.
He suggests as a starting point for Cloud Computing, try applying the distinctions between data_residency, Data Sovereignty and Data Localization to the following questions about your distributed system:
[char]New Section -- review