The government has recently torn up a contract because a supplier was hosting their data overseas. This poses a threat to not-for-profit organisations across Australia, are you at risk of losing funding? In this 15 minute debrief for not-for-profit executives, we will explain all the important issues relating to data sovereignty.
2. Agenda
◦ Data Sovereignty
◦ Australian Privacy Principles (APPs)
◦ Protect Yourself
◦ Consequences
◦ Common cloud providers – where is your data?
◦ Common NPO implications
◦ About R&G Technologies
◦ Q & A
3. Data Sovereignty
‘The concept that information which has been created/stored in digital
form is subject to the laws of the country in which It is located.’
- whatis.com/definition/data-sovereignty
4. The Background
◦ In a nutshell, digitisation of data is the reason why the problem resurfaced again.
◦ Digital Data:
◦ Is easy to work with (create and duplicate)
◦ Is extremely portable in today’s connected world
◦ Is a source of ‘blurred lines’ and management headaches for corporate entities
◦ Source of many problem areas, thus in-turn source of many innovative solutions
◦ With corporate entities looking to solve their challenges (big data, off-site archival, backup,
collaboration, etc…) cloud solution providers make very compelling business cases
5. The Legal Challange
◦ Each country has a set of information privacy laws
◦ These laws vary severely between countries and most privacy acts lag severely behind technology
◦ So how does the average Australian trust his local power company with their personal data?
◦ Again, the problem is that principles found in APPs only apply to Australian based entities
‘Before an APP entity discloses personal information to an overseas recipient, the entity
must take reasonable steps to ensure that the overseas recipient does
not breach the APPs in relation to the information.’
- Australian Privacy Principles (APPs) Chapter 8
6. Australian Privacy Principles (APPs)
◦ These have been around for years…lagging severely behind technology developments
◦ The APPs have been updated in March 2014, particularly APP 8, which deals with cross-border
disclosure of personal information
You can read more about APPs, at www.oaic.gov.au (legal jargon warning)
7. Protect yourself
‘Enter into an enforceable contractual arrangement with the overseas recipient to
handle the personal information in accordance with the APPs.’
- Office of the Australian Information Commissioner
◦ The Government are basically saying that it is your responsibility to contractually ensure your
technology partners comply with the APPs
◦ This is all well and good… but… most cloud technology trends are inherently built with high availability,
robustness, low cost, collaboration and business continuity goals in mind
8. Consequences
◦ The Government will hold YOU accountable for any breaches made by technology partners or cloud
providers
◦ Government departments, agencies and fund recipients will shy away from doing business with you if
you don’t satisfactorily demonstrate your (and your technology partners’) compliance with APPs
‘In July 2014, Australia’s Department of Defence terminated a $33.5M contract of
Luxottica (OPSM) after it became apparent they were storing client information on
overseas servers.’
- The Australian (July 25th 2014)
9. Where is your
data?
Australia Overseas
MYOB MS Office 365*
Xero Google Apps
Blackbaud Salesforce
Connecting Up IaaS MS Azure
Amazon Web Services Dropbox
10. Common NPO Implications
◦ The ‘dropbox problem’
◦ Data retention legislations
◦ Geographical spread
◦ Cost implications
◦ Collaboration
◦ Client Management Systems
11. About R&G
Technologies
◦ Award winning ICT consultancy with offices in Brisbane, Sydney
and Melbourne
◦ Servicing NPOs Australia-wide
◦ Trusted ICT partner; single source supplier for all your ICT needs
◦ Connecting Up IaaS delivery partner
12. Q & A 1300 562 886
rgtechnologies.com.au
michaelj@rgtech.com.au