What were they thinking? Was there a Risk Officer on the LinkedIn ship … it appears not.
Earlier last month, and after several warnings, the Russian communications regulator, Roskomnadzor, ordered internet service providers to block access to LinkedIn after a court ruled that the social networking website was guilty of non-compliance with recent legislation on personal data storage.
Was LinkedIn really asking for it, or simply complacent in the risk management of its overseas operations? Clearly there were some failings, and perhaps compliance with foreign governments’ legislation was not a top priority for LinkedIn. This case reinforces the fact that the consequences of non-compliance are a very serious risk for any business.
In summer 2014, the Russian government passed legislation mandating the “local storage” of information related to its citizens. In simple terms – if a web service provider holds the information of a Russian citizen, they are required to maintain this information on Russian-based servers. For the majority of web service providers, who did not have servers within the country, this presented a problem.
From the perspective of Russian protectionists – the law makes sense.
For instance, because the majority of Facebook servers are located in the United States, the NSA and other US government intelligence agencies have the convenience of proximity when attempting to access this information. By requiring companies like Facebook to house the personal data of Russians on Russian-based servers, the Kremlin is enhancing its ability to access and utilise that information.
In addition to the national security rationale, there is an economic incentive for Russia to pass this legislation. Large data centres, like the ones used by LinkedIn, are expensive to build and even more costly to maintain. By requiring this domestic IT development, Russia is working to ensure it remains relevant in the modern economy.
Russia shuts LinkedIn down
The recourse for not following this legislation is clear. Firms that do not abide are at risk of having access to their websites shut down by Russia’s state communications agency, Roskomnadzor.
In 2016, after months of working with LinkedIn to comply with the new regulation, Roskomnadzor took LinkedIn to court alleging that the firm had failed to comply with the law and consequently Internet access to their site should be terminated. Following several rounds of court proceedings, a Russian court upheld the charge by Roskomnadzor that LinkedIn was in violation of the new law and as such, access to the site should be blocked.
The immediate reaction from the global community was outrage. How can Russia block access to a public website?
Maria Olson, spokeswoman at the US Embassy in Moscow, speaking to Reuters, said that “The United States is deeply concerned by Russia’s decision to block access to the website LinkedIn,” and added that Washington urged the Russian authorities to restore access to LinkedIn immediately, as the restrictions harmed competition and, more particularly, the Russian people.
For its part, LinkedIn has already spent a considerable amount of money on Russian legal fees. Following the loss of this court case, the company now needs to develop a contingency plan for Russian-based servers.
Microsoft comes to the rescue
As mentioned previously, the cost of building and maintaining modern server farms can be drastic. And LinkedIn has been struggling since April 2015, when it bought the online learning portal website Lynda.com for $1.5 billion (£1 billion). To make things worse, the company announced lower earnings than expected in February 2016, which sent a shock wave across the financial markets, wiping $10 billion off its stock’s value.
However, a few months later the company managed to sign a strategic deal with the behemoth software company Microsoft that could relieve its financial worries. The Russian agency is now in negotiations with the US software giant to find solutions to restore LinkedIn website access and resume operations within the country.
According to the Allianz Risk Barometer 2016, which surveyed over 800 risk managers and insurance experts from more than 40 countries, the most important risk for businesses in Russia is changes in legislation and regulation.
Since the Snowden revelations of global mass surveillance of state officials and ordinary citizens by US government agencies, many countries including Russia have been vocal about the potential threat to the privacy of their citizens.
Even the European Union has invalidated the ‘Safe Harbour’ agreement that was signed with the United States Department in 2000 as a means to ensure necessary protection for European individuals whose personal data is transferred from the European Economic Area to the US.
This has been replaced by the EU-US Privacy Shield, which places stronger obligations on US companies that collect personal data.
Since Vladimir Putin’s re-election, Russia has been increasingly putting protectionist policies in place, and this is reflected in the Global Risks Report 2016, which states that “States establish further controls over the internet, sometimes in collaboration with allies, building their own capabilities in data storage, search, and infrastructure – and using security threats and the promise of better public services through big data to win popular support.”
Furthermore, having a relatively small executive team and not employing a Chief Risk Officer does not excuse LinkedIn’s failure to deal with the Russian government’s data protection laws.
It appears that Mike Gamson, Senior VP of Global Operations, and Mike Callahan, VP and General Counsel, underestimated the Russian business risk.
Firms would be prudent to watch the LinkedIn situation closely and take this warning from the World Economic Forum seriously. As the global business landscape continues to change, well-researched firms with solid risk management strategies will be ahead of the pack.