Proposed privacy changes puts pressure on cloud

Cloud computing has been a major topic within the IT industry for some time now. Business analysts, industry analysts and security analysts have all expressed varying views on this technology. Security still remains the primary concern for organisations looking to adopt a cloud strategy, two of the key elements in particular being the questions around legal jurisdictions and ownership of data. The debate on this subject continues but is also now set to be reviewed by the federal government next year.

Amendments to Austalian privacy legislation are to be debated mid next year. The Senate has issued a draft of privacy principles (available for download here) for Australia, which will affect those organisations who currently outsource their data to cloud providers hosted overseas, as well as international cloud service providers.

Privacy Principal 8 talks specifically about any data stored overseas pertaining to Australian citizens, stating that these international data providers must ensure the same principles and protection as those stated in Australia's Privacy Principles. Should this Principal be adopted as legislation, it will spell consequences for large leading cloud organisations such as Salesforce.com and Amazon, who currently outsource data to Asian countries.

Australian businesses  may either demand that these vendors hold data locally or shop around for equivalent Australian hosted solutions. Overall this is a good thing for Australia as we need better governance over our data and this will also ensure that Australian business more maturely assesses information risks as it pertains to IT systems.  

For the time being however, formal legal advice should always be professionally performed prior to any cloud service being implemented, especially as it relates to foreign hosted data.