Tribal Data Sovereignty and Offsite Cloud Storage

Hi ​@CheeseHeadChris -

Welcome to the Community!

Now that’s an interesting scenario...one I’ve not heard about on here. Interested to see if anyone else in the U.S. has had this requirement arise and what was done…. 🤔

Have you researched laws or any local compliances for the given tribe(s) in question?

I have not identified any official documentation or policies outlining data sovereignty requirements yet.

That said, the customer did mention they are in the process of migrating from on-premises Exchange to what they referred to as a “sovereign tenant” within Microsoft 365. I am assuming this likely means a GCC tenant, which would suggest there are at least some compliance or regulatory considerations influencing their cloud strategy.

Unfortunately, my primary contact at the tribal clinic has not been able to provide additional clarity regarding any specific legal or compliance mandates driving this requirement.

I am not in the US (Canada here) but did some searching with AI and found the following which you will need to validate and verify. This was done with Claude AI, which I use daily for my work with Veeam, etc.

So again, please take this with a grain of salt until validated and verified to be accurate.  Hopefully it helps get you going.

This document is a checklist with a text diagram and other details from Co-Pilot, as I was running that at the same time as Claude.  Just for comparison.

Good stuff here, 

Thanks Chris!

Not a problem.  Like I said, ensure to validate the information before using. 😉

One way we’ve satisfied this (and in Europe with similar request) is to have customer set encryption key. That way data is useless without the customer’s use of the key.

That’s certainly an option Rick; unless there’s some specific requirement/law stating data has to reside at a certain location