Why the data sovereignty issue won’t go away
- 17 June, 2014 14:11
Hosting your data in the cloud offers several benefits, including easier file sharing among employees, easy remote backup and, in some cases, cost savings.
Many Australian companies have adopted cloud software, which has resulted in their data being stored and shared with third parties all over the world.
However, Edward Snowden's revelations last year about the level of data collection and surveillance conducted by the National Security Agency (NSA) in the United States has renewed fears among Australian CIOs about offshoring data to US-based cloud vendors.
It might seem like stating the obvious, but when your data is in the cloud, it is actually a ‘resident’ of a particular country. As such, it is governed by the laws of that country and those laws might be very different, and significantly less friendly, than those of Australia.
The new privacy rules, which came into effect in March this year, have made the industry much more aware of the issue of offshore data hosting.
Indeed, organisations such as Coles and the Commonwealth Bank have recently decided to store less information offshore.
Speaking at the OAIC’s annual privacy breakfast this month, Coles CFO Rob Scott said the company was “very mindful that there is a perception that if information is in Australia it is safe and if it is not in Australian it is not safe.”
Fortunately, the capability of cloud based providers in Australia has significantly increased over the past few years.
If your organisation uses cloud software, it no longer means that your data is likely to be stored overseas. Australian cloud providers have made significant progress over recent years with many setting up their own data centres on our shores.
CIOs have access to world class software to analyse their data and excellent information management expertise right here in Australia. Most Australian companies can provide all of the benefits and features that their US counterparts do.
Although the recent Commission of Audit suggested that a ‘cloud first’ policy could achieve significant savings, government CIOs still have to obtain approval from two ministers before they can store sensitive data in an offshore or onshore public cloud.
The effort required for a double-ministerial approval in the public sector, certainly suggests that classified information and any data subject to the Privacy Act will likely remain in Australian data centres.
However, where the real opportunity lies for government department and agencies in relation to data, is collaboration. For example, the Australian Tax Office (AATO) matches income and welfare data from other government departments, against reported taxable income.
Information gathered from different departments can highlight those who aren't reporting their income correctly, prompting ATO staff to take a closer look at an individual’s or a business’ books.
Australian organisations, whether private or public, have to assess their own risk, when deciding where their data is stored.
CIOs need to ensure that their cloud vendor or provider – wherever they may be located – can help them comply with the Australian privacy laws. If they can’t, it might be time to look to an Australian cloud provider who can.
Conrad Bates is the managing partner at C3 Business Solutions.