You may have recently been instructed to “know where your data is located” or maybe you’ve been asked “where is your data”?

The location of your data refers to the physical location. Somewhere a machine is sitting in a room, storing your information. These machines are called servers, and there can be more than one. Your data could be fragmented among multiple services, in multiple locations. Here are few examples of where your data might be stored:

·       Desktop computer

·       Laptop computer

·       Phone

·       Printer

·       Scanner

·       Your personal server

·       Server belonging to the cloud service provider

·       Server belonging to a third party contracted by your cloud service provider

·       Servers used by mobile applications that store your information 

Admittedly, the above list starts off with no surprises and then trails off into the weeds. You may be wondering how you can possibly know anything about servers owned by other people. Many people ignore this information, but recent changes to data protection laws have increased liability for ignorance. To use software services, you consent to the terms of service or end-user agreement. Embedded in these agreements you will find details about how a company uses your information and where the servers are located. Hopefully, you also find details about any third parties with access to your data (i.e. storing your data).

You can audit yourself by listing all of the devices from which you can access your data. Then list all of the platforms you use to access data. These typically require, or at one point required some sort of login credentials. Review the terms of service and end-user agreements for each service provider. Finally, list the applications you use and review the terms of service.

With a simple audit, you will be more informed about where your data is located and be better prepared to answer the tough questions.