Is Your Data Stored On Australian Soil? If Not, Your Business Could Be At Risk.
Data storage, security and sovereignty, are important issues facing businesses. Many Australian businesses who use software to assist with running their business are often unaware of data sovereignty laws and how it could negatively affect their business. Data Sovereignty laws allow a country to apply its laws on data stored within its jurisdiction. It only becomes an issue when countries store their data in offshore cloud services.
Depending on your software provider, they may or may not store data collected from their customers in Australia. It is crucial for business owners to know and be comfortable with the storage practices of their software provider(s). Businesses unaware of these practices could be placing their business and their customers at risk. Unbeknownst to them, their data could be held to a foreign country’s data security laws, and that country may have rights to access their data without the business’s knowledge or consent. Data stored overseas is subject to both the legal jurisdiction and privacy regulations of the country it is stored in. For example, in 2018 President Trump signed legislation allowing US law-enforcement agencies to access data that is stored by any US-based tech company.
Australia’s data sovereignty law requires that data be kept in a data centre located in Australia (data residency), and be only accessible by Australians at all times. In Australia, data held on Australian soil is subject to and protected by our Australian Privacy Principles (APPs). The APPs state that businesses must know the following:
- Where their data is stored.
- The storage is compliant with the requirements covered in the APPs.
- That they understand the consequence for non-compliance with the APPs.
It is the responsibility for Australian businesses to ensure that their data and their customers’ data is stored in accordance with the APPs.
What you can do to stay compliant with the APPs.
The easiest way to comply with the APPs is to choose an Australian-based business who stores their data in Australia. ThinkSmart Software would like to reassure its customers that their data is securely stored in Australia (in a Sydney based data centre). If your data is stored overseas, then how do you know that your provider is complying with the most recent policies and regulations of the country hosting your data? Also, there are a myriad of other requirements that you will need to ensure your software provider is complying with. Sounds like too much hassle, doesn’t it? That is why it is most savvy to choose an Australian-based provider.
Questions you need to ask your service provider (ThinkSmart took the test, and it measures up.)
Where will my data be stored?
Your provider should be able to clearly advise as to where they store their clients’ data. If the provider stores client data overseas, it is important to be aware that some countries may allow access to stored data for purposes of law enforcement and national security.
ThinkSmart Software holds its customers’ data onshore in Australia.
Will you encrypt my data?
It is an important question to ask as some providers offer this feature as part of their standard service, while others may consider this an additional feature with a fee attached.
All sensitive data held on ThinkSmart servers is encrypted. All data transferred to and from ThinkSmart servers is encrypted.
Will my data be deleted after my contract expires? If so, when?
Some service providers delete your data when your contract ceases. Others will keep your data for reuse.
ThinkSmart Software removes all of your account data when a customer cancels their subscription unless a customer requests we keep their data on hand.
Do you backup my data? If so, where is the backup stored?
Preservation of data in the event of data loss or a security attack is essential for ethical business practices. If a provider doesn’t provide a competent backup procedure for your data then look elsewhere.
ThinkSmart backups its customers’ data nightly and stores backup copies on the Australian server.
In summary, do your research when looking for a software solution for your business and always ask prospective providers where your data will be stored. If you want your data fully protected by our APPs, then make sure you stick with an Australian provider who keeps your data safely on our soil.
References
Data Sovereignty. Macquarie Government.
https://macquariegovernment.com/glossary/data-sovereignty/
What is Australian Data Sovereignty 20 November 2018 posted by GA Systems.
https://www.gasystems.com.au/what-is-australian-data-sovereignty/
Rules for protecting citizens’ personal data 15 June, 2018.
https://www.governmentnews.com.au/rules-for-protecting-citizens-personal-data/
Cloud computing and privacy, Consumer fact sheet. Australian Government.
How does Data Sovereignty work? Lawpath.