data sovereignty issues: a 15 minute debrief for not-for-profits
DESCRIPTION
The government has recently torn up a contract because a supplier was hosting their data overseas. This poses a threat to not-for-profit organisations across Australia, are you at risk of losing funding? In this 15 minute debrief for not-for-profit executives, we will explain all the important issues relating to data sovereignty.TRANSCRIPT
Data SovereigntyMICHAEL JABLONKABUSINESS DEVELOPMENT MANAGERR&G TECHNOLOGIES
Agenda
◦ Data Sovereignty
◦ Australian Privacy Principles (APPs)
◦ Protect Yourself
◦ Consequences
◦ Common cloud providers – where is your data?
◦ Common NPO implications
◦ About R&G Technologies
◦ Q & A
Data Sovereignty
‘The concept that information which has been created/stored in digital form is subject to the laws of the country in which It is located.’
- whatis.com/definition/data-sovereignty
The Background◦ In a nutshell, digitisation of data is the reason why the problem resurfaced again.
◦ Digital Data:◦ Is easy to work with (create and duplicate)◦ Is extremely portable in today’s connected world◦ Is a source of ‘blurred lines’ and management headaches for corporate entities◦ Source of many problem areas, thus in-turn source of many innovative solutions
◦ With corporate entities looking to solve their challenges (big data, off-site archival, backup, collaboration, etc…) cloud solution providers make very compelling business cases
The Legal Challange◦ Each country has a set of information privacy laws
◦ These laws vary severely between countries and most privacy acts lag severely behind technology
◦ So how does the average Australian trust his local power company with their personal data?
◦ Again, the problem is that principles found in APPs only apply to Australian based entities
‘Before an APP entity discloses personal information to an overseas recipient, the entity must take reasonable steps to ensure that the overseas recipient does
not breach the APPs in relation to the information.’
- Australian Privacy Principles (APPs) Chapter 8
Australian Privacy Principles (APPs)
◦ These have been around for years…lagging severely behind technology developments
◦ The APPs have been updated in March 2014, particularly APP 8, which deals with cross-border disclosure of personal information
You can read more about APPs, at www.oaic.gov.au (legal jargon warning)
Protect yourself
‘Enter into an enforceable contractual arrangement with the overseas recipient to handle the personal information in accordance with the APPs.’
- Office of the Australian Information Commissioner
◦ The Government are basically saying that it is your responsibility to contractually ensure your technology partners comply with the APPs
◦ This is all well and good… but… most cloud technology trends are inherently built with high availability, robustness, low cost, collaboration and business continuity goals in mind
Consequences◦ The Government will hold YOU accountable for any breaches made by technology partners or cloud
providers
◦ Government departments, agencies and fund recipients will shy away from doing business with you if you don’t satisfactorily demonstrate your (and your technology partners’) compliance with APPs
‘In July 2014, Australia’s Department of Defence terminated a $33.5M contract of Luxottica (OPSM) after it became apparent they were storing client information on
overseas servers.’
- The Australian (July 25th 2014)
Where is your data?
Australia Overseas
MYOB MS Office 365*
Xero Google Apps
Blackbaud Salesforce
Connecting Up IaaS MS Azure
Amazon Web Services Dropbox
Common NPO Implications◦ The ‘dropbox problem’
◦ Data retention legislations
◦ Geographical spread
◦ Cost implications
◦ Collaboration
◦ Client Management Systems
About R&G Technologies
◦ Award winning ICT consultancy with offices in Brisbane, Sydney and Melbourne
◦ Servicing NPOs Australia-wide◦ Trusted ICT partner; single source supplier for all your ICT needs◦ Connecting Up IaaS delivery partner
Q & A 1300 562 886 rgtechnologies.com.au
Data Sovereignty AssessmentEnquire with R&G on how we can help