Our commitment to protecting European data across borders 

Share this Post on:

Businesswoman near the parliament building in Brussel-797

Earlier this month, the European Commission issued its long-awaited, updated ‘Standard Contractual Clauses’ (SCCs). The clauses represent the most frequently used mechanism to transfer personal data from the EU abroad, including to the US. 

However, organisations can’t rely on SCCs alone, they must carry out a case by case risk assessment when exporting personal data outside the EU. 

How does this impact customers?

The European Commission’s announcement doesn’t change the commitment we have to our customers’ data privacy and security. We are continuously looking for opportunities to update our practices in line with government and industry standards in Europe.

On top of this, our partnerships with European industry leaders like Atos & Alcatel Lucent Enterprise helps us meet local customer needs.

What additional safeguards are available to customers?

Here are some of the initiatives we are working on right now:

Data transfer from the EU

We rely on the new EU Standard Contractual Clauses (SCC) as a data transfer mechanism, and we offer customers additional contractual safeguards in line with the EU Commission’s recommendation; this includes protection for data exporters and redress for data subjects. We are also rolling out such safeguards to our sub-processors.

Government requests

Every request for disclosure is reviewed by our legal team. These rigorous reviews verify that all requests are legal and within the powers of the requesting public authority. 

If, after a careful assessment, we conclude that there are grounds under the law to challenge the request, we exhaust all available remedies to do so. In any event, we are fully committed to inform our customers, unless prohibited by law, of any government request for disclosure of personal data. On top of this, we would use every reasonable effort to redirect the requesting third party to ask for the data directly from our customers.

Finally, we always seek to provide the minimum amount of information permissible when responding to a request for disclosure.

Security 

We also protect customer data with the following additional safeguards:

  • Encryption

All customer data is encrypted while in transit and at rest. 

    • Enterprise-grade security protocols provide additional security for IP phone calls.
    • All internet facing portals have https (e.g.,https:// service.ringcentral.com). 
    • All non-voice customer data is TLS encrypted.
    • Hard phones use digital certificates to establish secure connections to download their provisioning data
  • Audit logging

This ensures generation of audit logs for all systems, devices or applications associated with the access, processing, storage, communication and/or transmission of customer data. 

  • User authentication

All users have individual accounts for unique traceability; shared accounts are not typically permitted. User passwords are configured to align with NIST guidance. RingCentral requires multi-factor authentication or two-factor authentication. 

  • Customer account control

This enables customers to manage account policies including the below:

    • Role-based access controls can be customised, or customers can use one of our standard, ready-to-use roles. 
    • Audit trails to track configuration changes, login attempts, phone number changes, admin/employee settings and permissions.
    • Single Sign-On (SSO): customer admins can define policies to enforce unique controls for each individual SSO application.
  • Toll fraud mitigation control 

Access control, detection controls and usage throttling prevents toll fraud. Customers also have granular control over who gets to make international calls and to where.

Comprehensive security for peace of mind.

Protect your data and communications.

Learn more
  • Multi-tenancy model

Our multi-tenant ensures a high degree of security so that one customer’s data is never available to another customer. We use this type of architecture and dynamic database views to form application layer boundaries between customer instances.

What can customers expect next?

Transparency report

We’ve reviewed our law enforcement access policy and will be publishing the first transparency report in the coming weeks. The report will clearly state how many law enforcement requests we received in the previous year, from which countries, and which type of data we provided.

Ongoing investment

RingCentral continues to prioritise European data centre infrastructure. Our European data centres allow European agencies and governments to move faster and embrace cloud technology. 

We hope to enable more organisations to take advantage of cloud communications to enhance the customer experience while controlling their data. Our data centres in Germany, the Netherlands, the UK and Switzerland remove barriers to innovation for industries with high data security requirements and provide in-Europe failover. This includes the same 99.999% uptime trusted service level agreement that customers expect. 

The promise of a new framework 

This time last year, the EU Court of Justice declared the EU-US Privacy Shield invalid, meaning it was no longer possible to rely on the Privacy Shield framework to transfer personal data to the USA. A year on, it’s encouraging to see ongoing discussions between the European Commission and US government to build a new framework for personal data that is transferred across the Atlantic. 

While we are optimistic for a government resolution in the near future, we will not become complacent. 

As a provider of cloud services for the European market, we align our practices with the requirements of the EU General Data Protection Regulation (GDPR). RingCentral also continues to strengthen its  European footprint and proudly follows the lead in understanding how to service EU residentswe will remain firmly on this path. 

Call to action banner
RingCentral uses qualified, independent third-party auditors to perform security audits. Visit our Trust Centre

Originally published Jun 11, 2021, updated Jun 15, 2021

Paola Zeni

Author

    Paola Zeni is the Chief Privacy Officer at RingCentral. She is an international privacy attorney with more than 20 years of privacy experience and a veteran of the cybersecurity industry, having worked at Symantec and more recently at Palo Alto Networks, where she built the privacy programme from the ground up. Her team’s mission is to build privacy into every product and process that touches personal information. Paola is member of the International Association of Privacy Professionals and a member of the Board of the Association of Corporate Counsels, San Francisco and Bay Area Chapter. She has practiced in Italy and is a member of the California Bar.

    Leave a Reply

    Your email address will not be published. Required fields are marked *