How does Data Sovereignty work?

What is Data Sovereignty?

Data sovereignty is the idea that a country should be able to enforce its laws on data stored within its jurisdiction. This is not a concern when a company stores data in the country it operates in. However, this becomes an issue when data servers are located outside the country in which the business operates.

For example, a lot of businesses have customer service call centers located outside Australia. This requires the Australian business to provide customers' personal information to a call center located outside the Australian jurisdiction, thereby making that data subject to different rules.

Privacy Laws

Our privacy laws require a business to ensure they have proper data security mechanisms in place to protect data. A business needs to know:

  • Where it stores its data;
  • Whether the service complies with the Australian Privacy Principles (APPs); and
  • The consequences of not complying with the APPs.

It is easy to comply with these requirements when the data is within Australia. When the servers are located outside Australia, the requirements become difficult to enforce. We cannot force our privacy laws onto another country.

The Australian Privacy Principles

The APPs are a set of principles that govern how a business is to deal with and store personal information. They set out the circumstances under which a business may collect data from its customers. The APPs outline how and when other entities can access this data. They instruct businesses on how this data may be used and for what purposes. They also set out the disclosure requirements businesses have to comply with when sharing personal information for secondary purposes.

A Use and Disclosure Example

Australian Privacy Principle 6.1 requires that any personal information collected be used only for the purpose for which it was collected, and not for any secondary purpose the individual has not consented to. When a customer service call center employee accesses your account, they can access your personal information. Personal information is information that can be used to identify you, such as:

  • your name
  • bank account details
  • home address
  • email address
  • date of birth
  • phone number and so on

Where this personal information is stored outside Australia, it becomes challenging to make sure the particular employee who is accessing your file is aware of the disclosure agreement in Principle 6.1. What systems are set in place to ensure that employees know that they are not allowed to disclose personal data for secondary purposes the customer has not consented to?

Australian Privacy Principle 8: Cross-Border Disclosure Requirements

APP 8 requires businesses to take ‘reasonable steps’ to ensure the personal data is stored in line with the APPs in the host location. There is no definition of ‘reasonable steps’ in the APPs. Rather, it is an objective test that considers whether the business did whatever it could do given its circumstances.

Businesses, however, do not have to meet this requirement where:

  • They reasonably believe that the host location has privacy laws that have the same or similar effect as the APPs.
  • The individual has ways to enforce their rights to have their data protected.
  • The individual has consented to the business disclosing the information.
  • A court order requires them to do so.
  • An agency has to disclose that information as a part of an international agreement Australia is party to.
  • An agency has to provide that information for enforcement purposes and the recipient agency performs similar functions or has similar powers as the Australian agency.

Where Does That Leave Your Personal Data?

Currently, there aren’t any concrete laws to provide 100% assurance that your data will always be secure. Businesses cannot provide that guarantee either, because the cloud is, after all, a piece of engineering and is susceptible to breaches. That being said, the risk of a data breach is lower when the data is kept within Australia, which more businesses are choosing to do anyway.

A business that stores its data offshore can provide security by backing up the data before sending it offshore, or by de-identifying it so that it does not identify the individual. It can also keep up to date with the privacy laws of host countries to ensure they offer adequate protection. The business may also choose to train all its employees on their responsibilities under the APPs.

Final Thoughts

It’s worth scanning a business’s privacy policy when you want to use a service to know where your data will be stored. It may not be a big concern if the business stores its data in places like the US or EU where there are strict privacy laws and practices.

As a business, it is important that you thoroughly know the cloud server you store your data in. It is always a good idea to discuss your options with an IT lawyer who will be able to provide you with comprehensive advice on IT solutions for your business.
