Third-party services leaving Aussie data at risk in foreign jurisdictions
Wads of Australian data are being hosted on offshore servers, often unbeknown to the companies that own the data and allowed it to leave local shores in the first place.
The phenomenon has been brought to light of late as regulators step up their checks and scrutiny of companies which store vast amounts of data about their users, says David Tudehope, Macquarie Technology Group chief executive and co-founder.
Many are blind to the fact the use of some third-party vendors was allowing the offshore storage to take place, and it left many companies legally bound by foreign jurisdictions and regulators, Mr Tudehope told a crowd at the British Chamber of Commerce AI & Technology Summit at the Intercontinental Hotel in Sydney on Tuesday.
In other cases, some organisations were fighting to repatriate the data amid mounting legal and regulatory pressure.
Mr Tudehope likens the situation to flying, where although a passenger might be Australian and the aircraft they’re travelling in may belong to a European airline, if they’re flying over Chinese airspace then they’re under the jurisdiction of China.
Data wasn’t any different. “Wherever the data resides, that’s the jurisdiction that applies,” he told the summit.
When things went wrong and hacks occurred or data was stolen, companies were then finding themselves in foreign courts facing sanctions and other penalties, all for using services which had allowed for the data to be downloaded, he said.
“I think most companies take their data offshore without making a conscious decision. They just signed on to a service that sounded like a good opportunity.”
The phenomenon, which Macquarie Technology Group was attempting to reverse, not only left companies vulnerable but also their Australian customers, he said.
The massive misunderstanding was not just taking place in the private sector but also in some Australian government agencies.
“I think it’s just not understood at all across a broad range of industries and even in some parts of the government,” Mr Tudehope said.
“I think there’s a bit of a view that the cloud somehow operates in some parallel universe to the rest of us and when businesses click accept on a cloud-based software product that somehow it’s different.
“Of course, it isn’t, it lives inside servers and storage within data centres which physically exist in someone’s country.”
Many organisations were only finding out their data was bound by foreign jurisdictions when incidents had occurred. “When something does go wrong, like a hacking or some data is lost in a foreign jurisdiction, it’s already too late,” Mr Tudehope said.
Macquarie Technology Group had increasingly begun to roll out awareness campaigns and warn its customers and other businesses that allowing their data to be kept overseas exposed them to significant risks.
Talks about data and jurisdiction are becoming increasingly common in Australia as regulators crack down on companies who aren’t managing the storage of their data safely.
“Regulators have been far more proactive about that for industries considered critical, they want citizen data to be kept onshore,” Mr Tudehope said.
“Pretty much every country around the world has brought in legislation and regulators are becoming more and more active in this space.”
Locally, the Australian Prudential Regulation Authority was leading the charge on crackdowns. While most industries were playing catch up, some were already ahead of the curve including the healthcare industry, which was mandated by the federal government over a decade ago to store health records in Australia.