On March 12, 2014, new privacy laws in Australia made it compulsory to notify new and existing customers about the data you collect and what you do with it.
The new data privacy laws introduces harsh financial penalties for individuals and companies found guilty of serious information breaches. Under the new legislation, the Australian Privacy Commissioner can seek civil penalties of up to $340,000 for individuals and up to $1.7 million for companies in the case of a serious privacy breach.
Australian organisations should already have their houses in order by building privacy and data protection in the design specifications and architectures of their IT systems to facilitate compliance.
They should also be aware of Australian Privacy Principal 8, which requires an entity – before they ‘disclose’ information to an overseas recipient such as an offshore data centre or cloud providers – is required take reasonable steps to ensure the receiver does not breach the new rules.
The challenge with overseas data centres or cloud providers (or local companies that aggregate or resell overseas cloud products) will be ensuring contracts are robust enough to ensure the data is going to be handled in accordance with Australian Privacy Principles.
The Office of the Australian Information Commissioner (OAIC) suggests that a ‘disclosure’ occurs when information is released from an entity’s effective control. Providers that store, replicate or back up data to overseas data centres (including Google and Amazon) are potentially breaching this.
Further compounding the negativity around overseas providers is their own obligation to meet their local laws. Any data stored in the US for example, is subject to US privacy laws and the Patriot Act; meaning US agencies can potentially access to the data. We are yet to see the ramifications this has Australian businesses and their new data obligations.
blueAPACHE’s emPOWER Cloud is entirely located in Australia. No data is stored, replicated or backed up overseas.
To learn more on the new privacy laws, visit the OAIC site.
To better understand your data privacy compliance requirements or to learn more about blueAPACHE’s emPOWER Cloud, contact our Account Management team.