Tuesday, March 1, 2016
Australian providers need to be increasingly aware of where their data is storedAustralian Not for Profits need to ensure their international data storage complies with updated Australian Privacy Principles (APPs) and local laws. The consequences for failing to do this is a risk to any government funding.This is most applicable to organisations that make use of cloud storage for their data as most cloud providers host their data overseas.To ensure your organisation is not breaching any APPs, you’ll need to take reasonable steps to ensure your overseas cloud service provider does not breach any of the acts or practices. If they do, the Government will hold your organisation accountable – not the provider.In this article we break down the major Australian & international information sources to give you a good basis to understand and act on recent developments.
Changes to the APP in March 2015 highlighted the particular importance of APP Chapter 8 – cross-border disclosure of personal information.
APP Chapter 8 reads, “Before an APP entity discloses personal information to an overseas recipient, the entity must take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information.”
You need to know where your data is stored
Be sure that you are compliant if data is not stored locally
Understand the consequences if you are not compliant
Start by checking where your data is stored. Many cloud services, particularly international companies will be storing your data offshore. This is common for resources like Google Apps and large cloud hosting services. Once you have investigated how your data is being stored, you can begin to take reasonable steps to ensure that it is safe and not in breach of the APP's
If you are using offshore data storage, you are responsible for ensuring that the provider does not breach any APPs.
“[you must] enter into an enforceable contractual arrangement with the overseas recipient that requires the recipient to handle the personal information in accordance with the APPs.”
What information is disclosed to the overseas recipient
An agreement from the overseas recipient that they will comply with the APP's
A clear privacy complaint-handling process
A data breach response plan that notifies your organisation
Failing to take these steps means that you can be held liable for breaches of APP's that your storage provider might make. This is the same as if you had made the breaches yourself.
Summary from Gordon Tan that breaks down the basics succinctly
Online webinar recording detailing the issues faced with hosting overseas
A more in depth look at the issues surrounding data sovereignty
A thorough strategic whitepaper on international storage and privacy
6 Ways Cloud Dictation Benefits Law Firms
Wednesday, May 18, 2016
What You Need To Know About Australian Data Sovereignty
Tuesday, March 1, 2016
Reducing Hospital Costs with Improved Clinical Documentation Management
Friday, January 29, 2016
The Patient Story Webinar | Clinical Documentation Webinar
Tuesday, December 1, 2015
Viva ILTACON 2015!
Monday, October 5, 2015
How Much Billable Time Is Your Firm Losing
Sunday, August 23, 2015
100 Days of Mental Health CONFED write-up
Monday, July 13, 2015
Mobile Speech Productivity for Lawyers – Feed Your Appetite for Efficiency
Friday, June 12, 2015
Improving Documentation & Patient Care Using Your Voice
Wednesday, June 10, 2015
Winscribe Leads More Trusts to go Paperless
Wednesday, June 3, 2015
Rethinking Document Production: Legal Management
Wednesday, May 27, 2015
Inside Legal IT 2015 Recap
Choosing A Digital Dictation System | Chart
Thursday, May 7, 2015
The UK British Legal Technology Forum Review
Wednesday, April 22, 2015
Working on the move – is it really that hard?
Using Speech Recognition to Improve EMR Adoption