What You Need To Know About Australian Data Sovereignty

Author -  Sam Page

Know Where Your Data Is Stored - Or Face The Consequences

Australian providers need to be increasingly aware of where their data is stored

Australian Not for Profits need to ensure their international data storage complies with updated Australian Privacy Principles (APPs) and local laws. The consequences for failing to do this is a risk to any government funding.

This is most applicable to organisations that make use of cloud storage for their data as most cloud providers host their data overseas.

To ensure your organisation is not breaching any APPs, you’ll need to take reasonable steps to ensure your overseas cloud service provider does not breach any of the acts or practices. If they do, the Government will hold your organisation accountable – not the provider.

In this article we break down the major Australian & international information sources to give you a good basis to understand and act on recent developments.

What Do The APP’s Actually Say

Changes to the APP in March 2015 highlighted the particular importance of APP Chapter 8 – cross-border disclosure of personal information.

APP Chapter 8 reads, “Before an APP entity discloses personal information to an overseas recipient, the entity must take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information.”

What This Means

  • You need to know where your data is stored

  • Be sure that you are compliant if data is not stored locally

  • Understand the consequences if you are not compliant

Start by checking where your data is stored. Many cloud services, particularly international companies will be storing your data offshore. This is common for resources like Google Apps and large cloud hosting services. Once you have investigated how your data is being stored, you can begin to take reasonable steps to ensure that it is safe and not in breach of the APP's

If you are using offshore data storage, you are responsible for ensuring that the provider does not breach any APPs.

“[you must] enter into an enforceable contractual arrangement with the overseas recipient that requires the recipient to handle the personal information in accordance with the APPs.”

Contracts with offshore providers must contain:

  • What information is disclosed to the overseas recipient

  • An agreement from the overseas recipient that they will comply with the APP's

  • A clear privacy complaint-handling process

  • A data breach response plan that notifies your organisation

Failing to take these steps means that you can be held liable for breaches of APP's that your storage provider might make. This is the same as if you had made the breaches yourself.


What industry leaders are saying

Excellent in depth report by the cyber law center created for managers and CEO's

Contact Us

North America

+1866 494 6727

View On Map


+61 2 9045 7500

View On Map

UK & Europe

+44 (0) 207 471 0100

View On Map

Rest of the world

+64 (9) 486 9010

View On Map

Copyright © Winscribe