Why cloud data residency matters for your compliance to data privacy laws.

Why cloud data residency matters for your compliance to data privacy laws.

Understanding data residency regulations for cloud systems and why it is vital for compliance to personal data privacy laws.


R3 datasecurity

Compliance with Personal Data Privacy Regulations is a non-negotiable requirement for schools. This is why it is important for your school to ensure that your cloud based systems comply with Data Privacy Laws. Breaching your data privacy obligations may not only leave your school open to significant financial penalties, it also exposes your school to serious reputational damage.

For this blog we will focus on Australian schools and compliance with Australian laws however there are similar responsibilities for data residency that schools from other countries must consider when using cloud based data storage.


The specific privacy laws which Australian schools must ensure compliance to are:

  1. Commonwealth of Australia Privacy A ct 1988

    This Act regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information, plus access to and correction of that information.


  2. The Privacy Amendment Act

    This Act came into effect in March 2014 and it introduced many changes to the original Privacy Act. It included a set of new principles that cover the processing of personal information by government agencies and private business. The new principles are jointly called the Australian Privacy Principles (APPs).


Why Cloud data residency is important.

In the context of cloud data storage, Australian Government Agencies and private businesses dealing with personal information are subject to APP8 (Cross-border disclosure of personal information). This regulates the disclosure and transfer of personal information offshore (to non-Australian Territories).

Before permitting the movement of personal data offshore, an Australian Government Agency or private business must take reasonable steps to ensure that the overseas recipient will comply with/not breach the APPs.


Your liability cannot be transferred. Your school remains liable for any breach at all times.

It is important to understand that the liability for any breach of The Privacy Amendment Act for any data that is stored offshore remains at all times with the school, even if reasonable steps have been taken to ensure compliance with the Act. Permitting the overseas storage of private data means that your school is exposed to risk and liability regardless of any steps taken to ensure data security by your provider.
In particular:

  • The Australian Sender of personal data to offshore locations will remain liable for the overseas recipient’s acts associated with any transferred personal information and, where relevant, be in breach of the APPs due to any of the overseas recipient’s acts or omissions.
  • In addition, APP11 (Security of personal information) requires that an organization must “take reasonable steps to protect information it holds from misuse”. Enabling data storage in facilities to hold data in jurisdictions which are not subject to Australian Privacy Regulations limits your ability to protect information from misuse.



Print

Do you know where your data is stored?

REACH guarantees that all cloud data storage for Australian schools is stored only in Australia. In addition, all backup data for Australian schools is stored only in Australia. This is recognised best practice which eliminates the risk and exposure to unforeseen liability which is associated with APP8 when personal private data is not stored in Australia.

REACH also maintains dedicated data centres in the USA, Canada and the UK so that schools in these regions do not need to compromise on data residency or compliance to private data security regulations when using REACH.
REACH also offers all schools the option to self host your REACH database on your own campus.


FLAGBALL EU FLAGBALL Canada FLAGBALL USA FLAGBALL Australia

Cloud data residency for Australian Schools

The post Why cloud data residency matters for your compliance to data privacy laws. first appeard on REACH Boarding School Software

    • Related Articles

    • Data Security - Guarantee

      Does Reach (Touchline Connect) provide a guarantee regarding the security and confidentiality of the data on your schools Reach platform at ALL times? This snippet is from the Reach service agreement: Data Protection Requirements Touchline Connect ...
    • ARTICLE: What happens to my school's historic data in Reach?

      Your school's data resides in the live Reach database forever unless your school requests a rollover purge. A rollover purge will result in the current live database being copied into a snapshot and delivered to your school via an encrypted ZIP file ...
    • ARTICLE: Syncing data from Kamar to Reach

      Reach can integrate with Kamar using a data connection that processes daily in order to consume data that Kamar makes available for Reach. The most common setup for this data sync is for Reach to automatically receive student and parent contact ...
    • ARTICLE: Loading Student Data Manually

      We are able to automatically pull in data from most major Student Information Systems. Please contact us for details. Download the Data Template Navigate to Data Management > Import Data . Click Download Data Importer Template File on the left. Data ...
    • ARTICLE: Loading Staff Data Manually

      We are able to automatically pull in data from most major Student Information Systems. Please contact us for details. Download the Data Template Navigate to Data Management > Export Data . Click Download Staff Data Importer Template File near the ...