What Happens to Privacy Laws When Your Online Data Crosses International Shores?

Picture this: you are a business with your headquarters based in Australia. This is where all the sales, marketing, accounting and operations occur. However, you have a branch office located in India – perhaps a call centre, for example. Personal information about accounts must be sent to the international branch in order for the call centre to contact, support and liaise with the clients.

Naturally, things might get a bit confusing as to how to protect this data. Does it still fall under Australian Privacy Principles, or is it now subject to India’s laws? Could that data potentially be subpoenaed by a foreign government?
This is where data sovereignty comes into play.

What is data sovereignty?

Essentially, the laws of data sovereignty were created to cater for the boom of the digital age and the ability for data to be stored outside of an organisation’s country. It calls for the need to maintain privacy regulations and protect data once it’s out of the original owner’s metaphorical hands.
To combat confidentiality concerns, Australian Privacy Principles have striven to make sure overseas organisations are required to abide by APP’s guidelines when it comes to receiving personal data. According to APP, certain rules dictate what data is allowed to be transmitted, and organisations that mishandle data will be flagged and held responsible for doing so. However, the intricacies of these rules are extremely multifaceted.
It’s a complex legal issue, yet there are certainly ways to ensure best practices for data security:
• Choose a local web hosting provider. The best way to ensure you aren’t breaking any data sovereignty laws is by opting for a web hosting provider that has onshore servers. This means the data can remain as secure as possible.
• VPS hosting is ideal for simultaneously protecting and sharing data. Virtual Private Servers – VPS – enables the ease of information flow between employees anywhere in the world, while offering a customisable degree of control.
• Verify where your data will be stored. Even if your company has an international presence, you can still keep it on Australian soil, so to speak. Just be sure to make it clear that your data is being stored locally. Herein, you’ll also want to make sure the data is not being replicated onto other international servers, lest you risk breaching privacy.

So, in summary…

It’s important to remember the diversity of which data is created. Some information can be stored anywhere across the globe without any concerns about confidentiality. Other information, such as personal data, is much more precarious, and requires careful measures to be taken.
Thence, it’s important to choose a local web hosting provider that offers VPS in order to increase the likelihood of your data staying in Australia and remaining secure, and to gauge a full understanding of exactly where it will be located. If you are planning to send sensitive data offshore, it is highly recommended that you seek legal counsel and brush up on the privacy principles involved.