The importance of data sovereignty in Australia

Data security and privacy is paramount to all organisations on a global scale, especially in an ever-evolving technological world where data is consistently uploaded, managed and stored online. 

A 2020 survey found that 57.9% of respondents are not at all confident that companies take adequate steps to protect their data, with 39.2% of respondents believing that the biggest online privacy threat are site hackers and other types of cybercriminals. Not surprisingly, the Australia Small Business and Family Ombudsman (ASBFEO) found that cybercrime costs the Australian economy more than $1 billion annually.

The advancement of technology and the rise of cloud products and services brings with it a variety of privacy, security, regulatory and compliance concerns that need to be addressed and managed. One of these concerns, in particular, is data sovereignty: ensuring that your data remains within Australia.  

The Australian Privacy Principles (APP) are the cornerstone of the privacy protection framework in the Australian Privacy Act (1988) (Privacy Act), which covers data sovereignty. AAP 8 covers cross-border disclosure of personal information, stating that an Australian organisation which discloses personal information to an overseas recipient must take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to information and that the Australian organisation is responsible for any breaches incurred by improper use of information. 

When using a cloud-based platform for any form of communication, it’s important to understand exactly where your data is stored, if your current provider offers a data sovereignty option and how important it is to ensure your data is safeguarded when sending, receiving or storing data on the cloud. 

What is data sovereignty?

Data sovereignty restricts how businesses can transfer personal information outside of the country, preventing other nations from acquiring the data of their citizens. Defined by LegalVision Australia, data sovereignty refers to the concept that data may be subject to the laws of more than one country. This can occur when data is stored digitally with a cloud service provider and therefore, may be stored overseas. 

In other words, if an organisation states they comply with data sovereignty in Australia, they must store data in accordance with all the data privacy regulations, best practices and guidelines outlined under the Privacy Act and APPs. If an organisation is based offshore but has Australian customers, they cannot offer Australian data sovereignty as personal information may be processed and stored outside the country. 

As an 100% Australian owned and operated business, Notifyre offers data sovereignty to all our customers. 

Data sovereignty vs data residency

Although the two terms are regularly used interchangeably, data sovereignty and data residency are different.   

Data sovereignty refers to the laws and jurisdiction that can be asserted over data because it is physically located within certain jurisdictional boundaries. For example, if an organisation claims to offer data sovereignty in Australia, they must comply with the laws and regulations associated with the Privacy Act and APPs. Each country, however, may have different regulations on how organisations can handle their citizens’ data.  

Data residency, on the other hand, is defined as the storage of data within a particular region where that data is processed in accordance with the laws, customs and expectations of that specific region. For example, an organisation may offer its customers the ability to store their data in a different region due to its advanced regulatory environment around data privacy or, in most cases, due to tax benefits.  

Why is data sovereignty a concern for Australian organisations?

The physical location of data is vital to its protection. If your data is unknowingly stored overseas, your data may be at risk of unauthorised access and security breaches. 

A recent issue of data sovereignty was brought to light in early 2020 as ABC reported the Australian Government used Amazon Web Services (AWS) to host its COVIDSafe contact tracing app. Even though AWS was legally required to host the COVIDSafe data in Australia, the United States law enforcement still had access to the data, which sparked major concerns for Australian citizens. 

Ensure your data never leaves the country with Notifyre

Notifyre is committed to always safeguarding your data by complying with Australian data sovereignty laws and regulations. Make sure your data never leaves the country with data sovereignty.