Australian Data Privacy Regulations In The Cloud
The federal Privacy Act (1988) includes the Australian Privacy Principles that govern the use of personal information by public and private sector organisations in Australia. All organisations that are covered by the Act must adhere to the principles it contains. One of the tasks IT directors face when migrating data to the Cloud is ensuring that they remain in full compliance with the Privacy Act (1988).
Fortunately, major service providers such as Amazon Web Services (AWS) make it easy for their customers to handle data privacy concerns when migrating legacy systems to the Cloud.
Managing data privacy in the Cloud
If you choose to migrate your data, applications and services to Amazon Cloud Australia, you will find that the platform has been designed to provide you with complete control of all sensitive data, allowing you to ensure full compliance with the federal Privacy Act.
• Control of data access — AWS customers can restrict access to key services and resources, thereby ensuring that only authorised personnel are able to access the data that is stored in the Cloud. With advanced access, logging and encryption tools, controlling access to all types of data in the Cloud is a simple matter on the AWS platform.
• Choice of storage locations — The AWS platform also provides you with the ability to specify in which locations you would like data to be stored. Data may be copied and backed up across multiple locations if desired, allowing you to easily comply with any and all data privacy guidelines that your organisation may be required to follow.
• Advanced data protection options — Data can be protected with strong encryption, both while at rest and while being moved from one location to another. You may choose to have AWS manage your encryption keys or maintain complete control of this process yourself.
• Security assurance programme — AWS has created a security assurance programme that employs industry best practices to safeguard the privacy of data and help its customers to operate securely, both during and after the migration of data to the Cloud.
• Limited data disclosure — AWS itself will never disclose your data to a third party, except in response to binding government orders and requests that are made in accordance with relevant laws. Even in such cases, AWS will make every effort to persuade the government agency in question to make a direct request to the customer for access to the data. Only when it is unable to do so will AWS provide access itself, after giving the customer reasonable notice.
Whether you choose to take advantage of AWS’ data storage facilities or those of another Cloud service provider in Australia, you should always follow data privacy best practices and guidelines. For analysis purposes, de-identified data should be used whenever possible and privacy impact assessments should be conducted before new data analytics projects are started. It is also important for individuals to be offered a range of options when asked for permission to use their personal data.