As cloud services grow in popularity in Australia, it is imperative for cloud users to know exactly what laws govern the handling of private personal data when it comes to cloud storage.
Australia has an enormous number of federal, state and territory laws, as well as industry standards and judicial resolutions, which are too many to cover here. However, the most recent important developments regarding data privacy pertain to amendments to the Privacy Act of 1988. The salient points are contained in the Australian Privacy Principles (APPs), which delineate the requirements for transmitting, storing, managing and using data in the cloud.
As such, companies must be careful about storing data offsite, perhaps even in another nation whose own privacy laws may or may not be as stringent as Australia’s. This responsibility is not just limited to the CIO; the security, legal, HR, and IT departments, the corporate auditors, and the procurement managers also must help out with analyzing data sovereignty and determining steps to maintain data security and manage risk.
Some important APPs to remember are:
- APP8. Entities must take reasonable steps to make sure that any overseas recipient of personal information will comply with the APPs. The sender in Australia will be liable for any breaches of the APPs by the recipient.
- APP11.1. Entities must “take reasonable steps to protect the personal information it holds from misuse, interference and loss and from unauthorised access, modification or disclosure”.
The good news is that most cloud service providers, particularly Amazon Web Services, allow users to maintain control of their data and where it is stored. If you so choose, AWS lets you store your data in its Asia-Pacific Region (Sydney), which avoids the regulations regarding offshore data storage. However, as security is a shared responsibility, you still must maintain the integrity of your data within the cloud. AWS does not know what content its clients upload and thus cannot distinguish personal information from other kinds of data. Responsibility for taking care of that data falls on the user.
To those looking to adopt it, cloud technology offers many advantages in terms of cost, efficiency, and agility. However, companies must exercise keen judgment in order to maintain compliance with the APPs. If your company has lingering concerns about compliance with Australian data privacy laws, PolarSeven can help. Our extensive experience with cloud security allows us to recommend best practices suited to your particular environment. Contact us today.