Data Sovereignty and the Cloud: A Board and Executive Officer's Guide
90 Pages
Posted: 19 Dec 2013
Date Written: December 16, 2013
Abstract
With NextDC support, this was the first comprehensive comparison and analysis of the legal, technical and risk governance issues arising from the increasing use of 'Cloud' based data hosting, using criteria relevant to governance level decision making and risk management.
This research and policy report examines the technology of the cloud, insurance risk issues around "data sovereignty", approaches to assess and minimise this risk, comparisons of legal means of accessing data held by Australian companies under local and US jurisdiction (where many cloud services originated), and options for including these issues in existing organisational data risk analysis and management processes. European perspectives are also considered. Researchers investigated the comparative impact of laws and administrative and law enforcement practices in Australia, the US and other possible cloud venues, including rules under the Patriot Act and the Foreign Intelligence Surveillance Act in the US and the Telecommunications Act and related legislation in Australia. The focus is not on a definitive conclusion but on enabling those involved to conduct a careful examination of their data, the requirements of those affected by the data, and the impact of various potentially unwanted intrusions into expectations of security, confidentiality and privacy. The relevance of onshore versus offshore hosting is considered, as is the effect of foreign control of entities hosting locally.