9th November: The Concept of Business Continuity: Why a Disaster Recovery Plan Isn't Enough Read more
Data is a valuable asset, and it's easy to assume that a cloud provider will be secure and protect your privacy. If your data is hosted outside of Australia, are you confident that it's protected and managed with your best interests in mind?
Data sovereignty is quite a complex issue. To break it down in its basic form, Australian Data Sovereignty means your data remains in the jurisdictional boundaries of Australia.
Your data is governed by Australian rules and regulations. For example, things like the US Patriot Act have no impact. This means;
Company 1 has data centres across Australia. Their servers reside in Perth, Brisbane, Melbourne and Sydney. Recently, they have decided to move their customer service operations to an Indian call centre to save costs. This now means that customer information and some of their data is now sent and overseas. Company 1 can now no longer claim they offer data sovereignty as they are sending data outside of Australia.
Company 2 is a cloud provider based in America. They have data centres across the USA, and Australia. Their main office is in Utah, and they have a call centre presence in Sydney. All of the billing operations are handled from the Utah office, which means there is personal data that is sent to the US government and is governed by their laws. As the data is overseas, there is no claim to data sovereignty.
Company 3 is a cloud provider based in Perth. They have data centres in Perth, Brisbane, Hobart and Adelaide. Their call centre is based in Australia. No customer data leaves Australian shores from the data centre. All data is governed by the Australian Privacy Act and Data Protection regulations. Company 3 can claim to offer data sovereignty.
It's easy to get these two mixed up. Refer back to our earlier example. You've just uploaded your company data to a server based in the Melbourne office of Company 1 (example above).
Your data resides on the Melbourne server, and will be replicated to other servers across Australia. However, as their call centre is based in India, this does not fall under Data Sovereignty. Your data is residing in Australia, but can still be governed by Indian law.
It's quite easy to mistake the two, but rest assured, DC Two are a fully Australian owned and operated cloud provider. We guarantee 100% data sovereignty, none of our data is sent overseas.
Recently, there was some controversy around the Australian Government's COVID Safe app. It was shown that the data collected by the app is being stored on AWS (Amazon Web Services). There have been privacy and security concerns raised, with the personal information being recorded being stored overseas. This has forced a rethink into the way that the Government handles personal data that's being recorded. State, local and federal governments are now moving towards securing their data within Australian hosted and provided data clouds.
Being able to guarantee that your client's data is going to only be held within Australian borders will be a strong step forward in building on your reputation and relationships.
Data Sovereignty is covered under the Australian Privacy Act. For more information on the Act, please visit here.
If data sovereignty is important to your business, contact our team to discuss our flexible solutions.
I've known John and the DC Two team for a number of years. They are experts in all things cloud, and share the same passion for technology as our IT business, Ever Nimble. We have worked with them on a number of occasions, including a complex global Veeam deployment, and they have provided incredibly quick access to Co-Lo space when we needed it urgently. I would highly recommend the team; we are a very proud partner.
- Chris Morrissey, CEO, Ever Nimble