Australian Privacy Legislation And The Cloud – Are You Compliant?
One of the great challenges for businesses and organisations at any level is ensuring compliance with legislation. In this blog we discuss what you need to do to comply with Australian law, how you can protect yourself and what to be aware of.
Privacy legislation is a major area with which businesses must comply, and it varies around the world. From the latest privacy legislation enacted in Europe to managing compulsory data breach reporting in Australia, organisations have a complex set of requirements with which to comply. With the growth in cybercrime, organisations acknowledge that they must protect their information systems, but is guarding computer systems enough to comply with privacy legislation?
The rate of change is significant, and protecting systems from ever-increasing business risks, including cybercrime, demands a best-practice approach. Whether information is lost through error or through theft, diligence and compliance are essential, not only to comply with legislation but to protect the information assets of the organisation.
Increasingly, organisations are turning to cloud service providers for cost efficiencies, flexibility and scalability in managing information systems. Additionally, cloud providers work to high security standards, and this offers organisations a level of compliance that they can leverage. Cloud providers comply with industry standards by employing experienced and skilled staff, using state-of-the-art security systems and operating highly secure data centres.
However, moving systems to cloud providers can be a double-edged sword. If you’re an Australian company and the cloud service provider is hosting your data in another country, you have a compliance issue.
Cloud solutions are not all created equal. Why? Privacy legislation. Australian privacy legislation, as an example, has a requirement in respect to “cross-border disclosure of personal information”. Along with many requirements, it states: “…the entity must take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles.” This means an overseas cloud provider needs to comply with Australian legislation.
If your cloud provider is offshore, or the data is stored in a data centre offshore, there is a compliance issue. Does the cloud provider store the information to the standards required by Australian law? You need to know. Do they host your data locally but back it up overseas? If it is hosted or backed up overseas, in which country is it stored, and what laws and standards apply? The answers may well be different if it is hosted in Europe and subject to the European GDPR privacy law or located in the Philippines.
When considering your cloud options, this is a critical factor in the decision. If the cloud provider hosts overseas, then you need to be satisfied that they comply with the Australian Privacy Principles. How do you do that? Is a statement sufficient, or do you need to verify?
Consultel Cloud provides cloud services that host the data in Australia. This alone provides a tick in the box for compliance with the Australian Privacy Principles. Consultel Cloud also has data centres in the USA, the UK and Asia to meet our clients’ needs around the globe.