6| Minute Read
What Is Meant by Data Sovereignty?
Data Sovereignty is the idea that data is subject to the laws and governance of the geographic location in which the data is collected and processed. This is an essential concept in both data privacy and data security.
Table of Contents
Data Residency vs Data Sovereignty
Data Residency is concerned with the geographical location in which a business or other body physically stores its data for policy or regulatory reasons.
In that definition, notice that a data residency requirement only specifies where the data is physically stored. Unlike Data Sovereignty, Data Residency does not require the data be subject to the legal protections and punishments of the resident country.
Put simply: Data Residency is a subset of Data Sovereignty.
In practice Data Residency and Data Sovereignty are often confused with one another, largely because they are both aspects of international data privacy
Data Residency vs Data Privacy
Data Residency is a necessary but insufficient step toward Data Privacy in most cases. That’s why it is often paired with Data Sovereignty requirements.
Data Sovereignty regulates who can and can’t access sensitive data.
Data Residency has no such restrictions. Data that is resident in Australia can still be accessed by foreign contractors and third parties so long as it is not also under a Data Sovereignty requirement.
Data Residency Laws in Australia
Data Sovereignty requirements are often country-specific or even region-specific.
Some of the most well-known such regulations include the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) in California, U.S.
Australia’s national Data Residency and data localisation rules, collectively known as the Australian Privacy Principles (APPs), are contained largely within two acts of Parliament.
- Australia Privacy Act 1988: This act initially created the APPs and still stands as the cornerstone of Australian rules for the handling of personal data.
- Privacy Amendment Act 2012: This act modified the original Privacy Act, including the introduction of new rules for the processing of personal information by corporate and government entities.
This scheme introduced requirements for notifying affected individuals when their personal data was included in a data breach.
Does Australian Data Need to Be Stored in Australia?
Data Residency requirements in Australia vary depending on the type of data being stored.
There aren’t any data residency rules that cover personal data as a whole, although any time you send data offshore, or allow people offshore to access your data you need to comply with the above mentioned APPs.
Health data, for instance, has some of the strictest residency requirements. My Health Records and all associated data, including back-ups, must never be processed, held, taken, or handled outside of Australia. Many states and territories within Australia have additional requirements limiting the disclosure of health records outside of the state/territory without consent.
Other types of data that are often subject to residency requirements include Financial data and any goods, technologies, or software on the Defence and Strategic Goods List (DGSL).
Australian Data Sovereignty laws and residency requirements often extend beyond just the information in your database. In most cases, the operational and configurational data related to your technology infrastructure is covered by the same regulations as the personal data they relate to.
What About AWS Data Sovereignty?
With more and more data being stored and processed in the cloud, providers like Amazon Web Services (AWS) are now playing a crucial role in Data Sovereignty compliance. This is especially true for data related to Software-as-a-service (SaaS) systems.
AWS has extensive Australian data privacy resources for understanding the roles that both AWS and their customers play in maintaining compliance with the APP and other privacy regulations. This includes, for example, information on how AWS handles customer notifications in the case of a data breach, in line with Australian NDB.
AWS doesn’t have direct knowledge of the data in its servers or their privacy requirements. Instead, the company provides infrastructure and access controls designed to help you manage the location and security of your data.
While AWS has cloud hardware all across the globe, they provide easy ways to limit data storage and processing to specified regions. Any data subject to APP Data Residency and Data Sovereignty requirements can, for example, be processed entirely in the Asia-Pacific Southeast region, which is located in Sydney.
SaaS system suppliers will often apply for, and receive, Government agency accreditation to validate their entire data storage structure and process where their platforms use AWS infrastructure.
Harness the Power of Marketing Automation
Swift Digital treat security and data privacy with extreme caution and take steps to continue to enhance and improve our data security to ensure our platform is safe and secure and meets the needs of world corporations and prestigious client base.
Do you need to store your data in Australia? Swift Digital stores all customer data on shore in Australia and ensures no data leaves Australia.
Is your business looking to leverage marketing automation as part of the wider marketing strategy?
Or are you simply looking to change your marketing automation platform?
Swift Digital can share more resources and best practices relating to your industry and how they successfully use marketing automation.
To find out how your business can get the best out of Swift Digital’s platform, contact our team today on 02 9929 7001.
Don’t forget to share this post!