Knowing where your data is stored is critical as cloud computing becomes universal and governments here and overseas get tougher on data breaches. The concept of data sovereignty, where data is stored on localised cloud infrastructure rather than being piped offshore, has become popular among Australia-based organisations. A new wave of privacy regulation that tightens compliance requirements is helping push the trend.
While a localised cloud is clearly not the entire story in a well-constructed cyber resilience plan, it does mean an organisation has some precision about where its data lives. It also means access to local assistance should something go wrong.
The Facebook data breach
A string of notable data breaches this year has added urgency to the need for organisations that deal with customer data to be across, and compliant with, tougher privacy legislation.
One of the most prominent incidents has been the Facebook breach that came to light in September.
Facebook revealed about 30 million user accounts were affected by a hack and 14 million Facebook users had their names, contact details, gender, relationship status and recent location check-ins exposed.
After the breach, Facebook found itself under investigation by the European Union (EU) under the powerful new EU General Data Protection Regulation (GDPR).
The GDPR became enforceable in May and provides for fines of up to €20 million or up to 4% of annual global turnover, whichever is greater.
The GDPR applies not only to enterprises handling data inside the EU but to any enterprise, regardless of location, that processes the personal data of people inside the EU.
Under the GDPR, the Irish Data Protection Commissioner opened a formal investigation of the Facebook breach. The company could face a potential maximum fine of US$1.6 billion.
While Australian enterprises with data collection operations in the EU need to make sure they are compliant with GDPR, we now also have active, home-grown data protection legislation.
Majority of SMBs still yet to adopt Notifiable Data Breach scheme
This year saw the introduction of the Notifiable Data Breach (NDB) scheme, which is administered by the Office of the Australian Information Commissioner (OAIC).
The NDB legislation puts fresh teeth into the Privacy Act and requires organisations to notify the OAIC and affected individuals of what are called eligible data breaches (EDBs).
An EDB is triggered when personal information held by an organisation is subject to unauthorised access or disclosure. Where information has been lost, an EDB occurs when unauthorised access or disclosure is likely to happen.
The other condition for an EDB is that a reasonable person would conclude the access or disclosure would be likely to result in serious harm to the individuals to whom the information relates.
The NDB went live in February and applies to all Australian government agencies and to organisations with an annual turnover of more than $3 million.
The NDB scheme has already seen a large increase in data breach notifications.
In its Notifiable Data Breaches Quarterly Statistics Report for the period from April 1 to June 30, the OAIC reported receiving 242 data breach notifications.
This was more than double the 114 voluntary data breach notifications the OAIC received in the entire 2016-17 financial year, before the NDB became effective.
In its report the OAIC found that human error accounted for 36% of the reported breaches, while 59% came from malicious or criminal attacks and 5% from system errors.
As more and more breaches are exposed, consumers appear to be getting increasingly wary of having their data held by third parties.
A recent IT security survey of SMBs by HP indicated that Australian consumers are often choosing to opt out of SMB data collection practices.
According to the HP Australia IT Security Study, 46% of Australian SMBs surveyed said customers are increasingly opting out of data collection and sharing.
Business owners were even more wary with 67% reporting they were uncomfortable with other businesses storing their personal data.
It appears the coming of the NDB has not sunk in with many Australian SMBs. Alarmingly, 1 in 5 of the SMBs surveyed hadn’t heard of the NDB scheme.
Diligent makes sure your data is secure
Diligent realised the importance of data sovereignty to business and government in the Australian market some time ago. In April this year Diligent switched on a local data hosting facility at a state-of-the-art campus operated by Canberra Data Centres (CDC).
Security at the CDC facility meets Australian Federal Government standards.
This includes a minimum standard for Zone 4 security. The facility is monitored 24 hours a day, 7 days a week by on-site security guards and CCTV.
Diligent’s CDC facility makes it easier for customers to demonstrate compliance with Australian privacy principles as well as industry specific data handling guidelines.
The local hosting facility also delivers a performance boost.
The improved latency for organisations with high data volumes means faster access and increased security for local clients using Diligent’s suite of governance-focused, cloud-based tools.