Lead Machine Pink 160x1200

Lead Machine Pink 160x1200

iTWire TV 705x108

Friday, 03 December 2021 10:02

Do you know where your data goes? Data sovereignty in Australia

By John Donovan, Sophos
Sophos managing director John Donovan Sophos managing director John Donovan

GUEST OPINION: If you asked anyone working in the digital space today—marketers, customer service reps, IT managers or even ransomware adversaries—what the most valuable resource in the world is, their answer would be: data.

Data has become one of the most valuable assets to businesses, economies, and societies around the world. It enables us to analyse patterns to predict future events, understand consumer behaviour to better sell products, or in the case of cybercriminals, steal personally identifiable information (PII). The potential uses for PII are endless, which explains why the world’s five most valuable brands (Apple, Google, Microsoft, Amazon, and Facebook) have data at their core.

As organisations move to the cloud, there is a need to address concerns around where data is physically being stored—data sovereignty, that is. It is defined as the maintaining of authority and control of data within jurisdictional boundaries, and as we race into the fourth industrial revolution, it is a key issue faced by organisations in both public and private sectors.

Data sovereignty and the argument for onshore storage

Today’s global and digital market means state borders don’t always exist, meaning regional legislation is often adopted as an industry standard framework. For example, the General Data Protection Regulation (GDPR), which was implemented across the European Union in 2018, has largely been adopted across the globe as standard practice.

However, while the GDPR is generally followed in most markets, every region still has its own data sovereignty laws and regulations. In Australia, the Digital Transformation Agency’s (DTA) Hosting Certification Framework governs public sector data, requiring all government data to be stored onshore in data centres with certified strategic or assured accreditation.

Meanwhile, non-government organisations follow the Australian Privacy Act, and while the provisions set out by this act do allow offshore storage in some situations, personal data linked to individuals generally needs to be de-identified and/or aggregated to remain compliant.

But with the Privacy Act currently undergoing reform, added data sovereignty laws are likely to provide citizens with further protection and to ensure Australian data is secure and compliant, across both the public and private sectors. As these worlds start to collide and legislation changes, organisations should look to adopt best practice regarding their storage of data.

When data is stored onshore, Australian citizens and businesses have the right to influence how this data can be interacted with and have input on what the government can do with it.

When that same data is stored offshore, Australian businesses and citizens are powerless to object or protest any changes in data laws and regulations, and unable to stop the local government seizing data or building backdoor access for state interests.

Locally stored data is better protected from unauthorised access by foreign state actors and offshore threat vectors, providing increased security and more responsible use of Australian data.

As a result, many IT businesses and managed service providers have committed to building onshore data centres, either as physical centres or as points-of-presence to store citizens’ data onshore safely and securely, where it is protected by local data protection laws.

Nice to have, or an essential asset?

With all this in mind, it is important to note the internet is immutable storage. As a result, any data shared online through the likes of Facebook, Google or Amazon is already stored in offshore data centres, and there’s no comprehensive data retrieval process available to get it back. For private sector businesses, being able to guarantee that any future data shared by a customer won’t leave Australia will certainly provide a sense of security, but given most Australians have no idea where their data is stored anyway, it’s unlikely to be of significance. There are two areas, however, where data sovereignty becomes essential.

1. The public sector

Public sector organisations hold citizens’ most sensitive information, from medical histories, financial records, and PII. As a result, the way they store data is of crucial importance, hence the DTA’s strict framework.

The DTA announced in June 2021 that it was moving to store all sensitive data onshore in the name of national security and privacy interests. As a result, the public sector has been able to protect sensitive data and enhance its sovereign digital ecosystem, setting a best practice example for Australia’s private sector to follow.

2. Future generations

The other area data sovereignty and onshore data storage will become integral is for future generations of Australians. By setting up effective data sovereignty regulations and strong local data centres now, our future generations can ensure their sensitive data is secured locally and is not at the mercy of foreign governments.

There is no upside to sending data offshore for storage, all this does is expose sensitive information to additional risk. By investing in onshore data centres and further developing data sovereignty, Australia can minimise risk and provide better protection and peace of mind for our nation’s data.

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News