Data SovereigntyMICHAEL JABLONKABUSINESS DEVELOPMENT MANAGERR&G TECHNOLOGIES

Agenda

◦ Data Sovereignty

◦ Australian Privacy Principles (APPs)

◦ Protect Yourself

◦ Consequences

◦ Common cloud providers – where is your data?

◦ Common NPO implications

◦ About R&G Technologies

◦ Q & A

Data Sovereignty

‘The concept that information which has been created/stored in digital form is subject to the laws of the country in which It is located.’

- whatis.com/definition/data-sovereignty

The Background◦ In a nutshell, digitisation of data is the reason why the problem resurfaced again.

◦ Digital Data:◦ Is easy to work with (create and duplicate)◦ Is extremely portable in today’s connected world◦ Is a source of ‘blurred lines’ and management headaches for corporate entities◦ Source of many problem areas, thus in-turn source of many innovative solutions

◦ With corporate entities looking to solve their challenges (big data, off-site archival, backup, collaboration, etc…) cloud solution providers make very compelling business cases

The Legal Challange◦ Each country has a set of information privacy laws

◦ These laws vary severely between countries and most privacy acts lag severely behind technology

◦ So how does the average Australian trust his local power company with their personal data?

◦ Again, the problem is that principles found in APPs only apply to Australian based entities

‘Before an APP entity discloses personal information to an overseas recipient, the entity must take reasonable steps to ensure that the overseas recipient does

not breach the APPs in relation to the information.’

- Australian Privacy Principles (APPs) Chapter 8

Australian Privacy Principles (APPs)

◦ These have been around for years…lagging severely behind technology developments

◦ The APPs have been updated in March 2014, particularly APP 8, which deals with cross-border disclosure of personal information

You can read more about APPs, at www.oaic.gov.au (legal jargon warning)

Protect yourself

‘Enter into an enforceable contractual arrangement with the overseas recipient to handle the personal information in accordance with the APPs.’

- Office of the Australian Information Commissioner

◦ The Government are basically saying that it is your responsibility to contractually ensure your technology partners comply with the APPs

◦ This is all well and good… but… most cloud technology trends are inherently built with high availability, robustness, low cost, collaboration and business continuity goals in mind

Consequences◦ The Government will hold YOU accountable for any breaches made by technology partners or cloud

providers

◦ Government departments, agencies and fund recipients will shy away from doing business with you if you don’t satisfactorily demonstrate your (and your technology partners’) compliance with APPs

‘In July 2014, Australia’s Department of Defence terminated a $33.5M contract of Luxottica (OPSM) after it became apparent they were storing client information on

overseas servers.’

- The Australian (July 25th 2014)

Where is your data?

Australia Overseas

MYOB MS Office 365*

Xero Google Apps

Blackbaud Salesforce

Connecting Up IaaS MS Azure

Amazon Web Services Dropbox

Common NPO Implications◦ The ‘dropbox problem’

◦ Data retention legislations

◦ Geographical spread

◦ Cost implications

◦ Collaboration

◦ Client Management Systems

About R&G Technologies

◦ Award winning ICT consultancy with offices in Brisbane, Sydney and Melbourne

◦ Servicing NPOs Australia-wide◦ Trusted ICT partner; single source supplier for all your ICT needs◦ Connecting Up IaaS delivery partner

Q & A 1300 562 886 rgtechnologies.com.au

michaelj@rgtech.com.au

Data Sovereignty AssessmentEnquire with R&G on how we can help