Earlier this month, the European Commission issued its long-awaited, updated ‘Standard Contractual Clauses’ (SCCs). The clauses represent the most frequently used mechanism to transfer personal data from the EU abroad, including to the US.
However, organisations can’t rely on SCCs alone; they must carry out a case-by-case risk assessment when exporting personal data outside the EU.
The European Commission’s announcement doesn’t change the commitment we have to our customers’ data privacy and security. We are continuously looking for opportunities to update our practices in line with government and industry standards in Europe.
On top of this, our partnerships with European industry leaders like Atos & Alcatel Lucent Enterprise help us meet local customer needs.
Here are some of the initiatives we are working on right now:
We rely on the new EU Standard Contractual Clauses (SCC) as a data transfer mechanism, and we offer customers additional contractual safeguards in line with the EU Commission’s recommendation; this includes protection for data exporters and redress for data subjects. We are also rolling out such safeguards to our sub-processors.
Every request for disclosure is reviewed by our legal team. These rigorous reviews verify that all requests are legal and within the powers of the requesting public authority.
If, after a careful assessment, we conclude that there are grounds under the law to challenge the request, we exhaust all available remedies to do so. In any event, we are fully committed to informing our customers, unless prohibited by law, of any government request for disclosure of personal data. On top of this, we would use every reasonable effort to redirect the requesting third party to ask for the data directly from our customers.
Finally, we always seek to provide the minimum amount of information permissible when responding to a request for disclosure.
We also protect customer data with the following additional safeguards:
All customer data is encrypted while in transit and at rest.
This ensures generation of audit logs for all systems, devices or applications associated with the access, processing, storage, communication and/or transmission of customer data.
All users have individual accounts for unique traceability; shared accounts are not typically permitted. User passwords are configured to align with NIST guidance. RingCentral requires multi-factor authentication or two-factor authentication.
This enables customers to manage account policies including the below:
Access control, detection controls and usage throttling prevent toll fraud. Customers also have granular control over who gets to make international calls and to where.
Our multi-tenant architecture ensures a high degree of security so that one customer’s data is never available to another customer. We use this type of architecture and dynamic database views to form application layer boundaries between customer instances.
We’ve reviewed our law enforcement access policy and will be publishing the first transparency report in the coming weeks. The report will clearly state how many law enforcement requests we received in the previous year, from which countries, and which type of data we provided.
RingCentral continues to prioritise European data centre infrastructure. Our European data centres allow European agencies and governments to move faster and embrace cloud technology.
We hope to enable more organisations to take advantage of cloud communications to enhance the customer experience while controlling their data. Our data centres in Germany, the Netherlands, the UK and Switzerland remove barriers to innovation for industries with high data security requirements and provide in-Europe failover. This includes the same 99.999% uptime trusted service level agreement that customers expect.
This time last year, the EU Court of Justice declared the EU-US Privacy Shield invalid, meaning it was no longer possible to rely on the Privacy Shield framework to transfer personal data to the USA. A year on, it’s encouraging to see ongoing discussions between the European Commission and US government to build a new framework for personal data that is transferred across the Atlantic.
While we are optimistic for a government resolution in the near future, we will not become complacent.
As a provider of cloud services for the European market, we align our practices with the requirements of the EU General Data Protection Regulation (GDPR). RingCentral also continues to strengthen its European footprint and proudly follows the lead in understanding how to service EU residents – we will remain firmly on this path.