Data security and sovereignty in the age of vulnerability

In recent years, the world has witnessed new emerging technological innovations that have maximised business potential, such as the cloud and the transformation of digital data storage. Although these rapid developments are exciting, they come with new questions and challenges that businesses must conquer to ensure customer safety.

Australia has seen various high-profile cyber attacks that not only prove the need for significant reviews to data protection laws, but also for cloud providers and other technological bodies to consider what forms of regulation businesses should adhere to in order to combat the growing threat of cyber breaches.

The number of Australians who are actively concerned about the security of their data has grown significantly over time. Almost two-thirds of Australians (64%) lack confidence in the ability of large organisations to keep their personal data safe, while 83% are concerned about the security of information held by their service providers.

Essential for the future use of new technologies, both businesses and governments alike must also consider key challenges to maintain their duty of care whilst delivering innovative technologies to their customers.

The state of privacy Acts

As the world continues to become more connected than ever, so does the transferring of personal data globally. However, processing data through new solutions like the cloud often risks exposing sensitive information, with personal data quickly becoming a commodity for hackers.

Following the high-profile Australian cyber attacks of 2022, the Attorney General’s office released a review of the 1988 Privacy Act. As part of its review, the office emphasised the outdatedness of the Act as well as the urgent need to focus on the vulnerability of individuals’ information in the new digital age. The Attorney General’s office specifically highlighted just how at-risk millions of Australians are to privacy risks such as identity theft, reputational damage and blackmail.

The review concluded that Australia’s regulation on data privacy needs updating, citing the modernised approach of the European Union’s General Data Protection Regulation (GDPR), which applies to any person or company who handles personal information of a citizen. By following this type of regulation, businesses can better keep personal information safe regardless of where in the world it is stored.

On the flip side, complex data laws can leave companies lost in how regulation is enforced differently in different parts of the world, hindering local customers in taking advantage of cloud services. In fact, faced with changing regulations, compliance is a top cloud challenge according to 76% of organisations.

A recent survey from ISACA also found that 54% of businesses experienced a large skills gap with frameworks and/or controls and 46% with understanding the laws and regulations that an enterprise is subject to.

The question becomes, how do we overcome these data protection and security hurdles to provide clear pathways for cloud providers and customer protection alike?

Questions you should be asking your cloud service provider should include:

• Where is my data stored?
• What laws apply to my data and who could access it?
• Does my cloud provider follow best practices in terms of security and data protection?

Honesty is the best policy

As part of the journey towards adopting cloud, customers and providers should ensure compliance with various data protection laws both locally and globally. Doing so not only means that organisations are fulfilling their duty of care, but also protecting themselves from the risk of imposed fines and infringements. Coming to the table with full transparency about data location and regulations is critical in retaining control of data in the cloud.

How can Australia apply this?

Drafted in 1988, the Privacy Act requires urgent changes to meet the standards of today’s demands and new technologies. By ignoring the threats that are cyber attacks and the exposure of personal information, regulators run the risk of hurting trust and uptake in new technology needed to deliver digital services. Australia should look to bodies like the EU that have responded to these technological advances in personal data handling. By doing so, Australia can position itself as a trust partner and reap the economic benefits for local business and the economy.

Australia should consider applying transparency laws to business to ensure that breaches and data location are made aware to customers. Amendments should also look to ensure individual control over personal information.

Adopting a more protective regulation on data protection would also offer Australian companies a wider playing field as data could flow more easily between Australia, the EU and Canada.

The future is cloud, and there are opportunities for organisations to improve security systems and processes and better manage data collection and retention. Australian businesses and governments alike must come together to combat new threats to personal data by placing data protection and compliance at the forefront of data regulation.

Image credit: iStock.com/Rick_Jo