Truly exceptional digital experiences run on data. As enterprises grew up and out, extending their global reach, shuttling data across physical borders and digital boundaries became necessary to continue to deliver the same experience to all. 

However, doing so has come under heightened scrutiny due to the privacy and security implications associated with that constant and far-reaching movement. Given that privacy has become more conceptually complex in an increasingly digitized world, it is all the more critical to keep it top of mind, especially as the landscape continues to change. 

The Ever-Changing Data Security Landscape 

While privacy has already been rising in importance for some time now, recent events have brought it to the forefront of conversations surrounding the growth and development of global enterprises. 

In May 2018, the EU General Data Protection Regulation (GDPR) went into effect, providing a legislative framework designed for a world gone digital. Given that our lives are increasingly data-centric – just think about how many businesses to which you’ve given personal data in order to use a service they provide – there was a clear need to regulate the usage of that data in order to protect consumers and organizations alike. 

The GDPR created new, legally-mandated compliances that must be met by both EU-based organizations and organizations that supply a good or service to the EU.

The institution of this framework changed the calculus for organizations everywhere. It necessitated the creation of compliance strategies and, as a result, the need for new standard operating procedures for data-usage and personnel to carry them out effectively. And it continues to inspire new legislation, from India to Brazil.  

In July 2020, the European Court of Justice (ECJ) invalidated the EU-US privacy shield. The EU-US Privacy Shield was a GDPR mechanism that allowed organizations to transfer personal data from the EU to the US. However, the ECJ determined that this data sharing arrangement did not provide sufficient protection for that data. If this sounds familiar, that’s probably because a very similar event occurred five years ago when the court invalidated the Privacy Shield’s predecessor: Safe Harbor.

Secure Search that Crosses Content and Continents

The above changes are reflective of a regulatory environment that is constantly in flux, especially when it comes to data sharing. The best way to deal with the uncertainty is to have control over where your data resides. 

Data residency capabilities are an integral part of delivering on the security requirements imposed by regulators and internal IT teams alike. With data residency, it is far easier to control data usage and compliance, which helps you avoid unintentional violations and substantial fines in a world where the rules are constantly changing. 

For example, Coveo processes data – as search queries – in hundreds of countries around the world. And today we offer you the ability to choose which region your data is stored. 

You can choose to store your data in regions based in the US, EU, and Australia, with service regions currently available outside of the United States that include Dublin and Sydney. The best part is that this ability is enabled through a global cloud infrastructure that can scale globally to meet demand:

You can store your data in multiple regions across the globe.

Configuring Data Residency in the U.S., Europe, and Australia 

With Coveo, when your customer account is provisioned, you will choose the region in which data should reside. 

In the organization selection dropdown, you’ll notice the ability to toggle by region in order to filter or create a new sandbox, production or development org in a specific region. When you choose to configure an organization in these locations, Coveo will store your data at-rest and in-transit only in the selected region (per our subscription license terms). The index (and Index Pipelines), search engine, machine learning, usage analytics, and administrative console are all hosted in the selected region. 

It is simple to create a new sandbox, production or development org in a specific region.

Trust in How Your Data is Processed, Shared, and Stored

Our customers’ data privacy and security have always been our top priorities. There is a great deal that goes into securing your account, and we take each aspect seriously: 

  • Data is encrypted in-transit and at-rest, and the Coveo index is completely segregated from other customer data.
  • We conduct meticulous self-assessments to verify internal controls and undergo rigorous third-party audits. 
  • We offer customer support to help them meet obligations under the California Consumer Privacy Act, the EU General Data Protection Regulation (GDPR), HIPAA. 

We also apply the principles of zero trust throughout our global cloud infrastructure forcing anything and everything, whether it’s inside our perimeter or outside, within a service region or beyond, to authenticate before granting access. 

While protecting customer data should be of great concern, the tools you use to do so should support you in that endeavor rather than make an increasingly complex digital world more difficult to navigate. 

Data residency is available now for all customers. To learn more about security at Coveo, including data residency, visit: