For Australian businesses, knowing where customer data is stored is not just a matter of good practice; it's a legislative requirement. Both federal and state laws impose obligations regarding data privacy and security, with particular emphasis on data location. And as an Australian company, using an overseas data provider could mean being subject to additional legal requirements.
The Privacy Act of 1988 and the Australian Privacy Principles (APPs) outline the obligations businesses have in managing the personal information they collect. The very first Australian Privacy Principle emphasises the need for open and transparent management of personal information, with APP 1.4 covering disclosure of whether personal information is likely to be shared with overseas entities.
Australian Privacy Principle 8 gets even more specific, focusing on the cross-border disclosure of personal information. APP 8.1 requires businesses to take reasonable steps to ensure that overseas recipients of personal information do not breach the APPs.
If your business has an annual turnover of $3 million or more, you need to comply. Even if your turnover is less than that, if you have a contract with the Commonwealth, are providing health services, or share information with a third party "for a benefit, service or advantage," you're also liable.
It's not only the location of a data storage provider that is crucial for compliance with Australian laws. Businesses must ensure they have a clear understanding of exactly where their customer data is stored and how it's being used, even (or especially) when engaging third-party service providers.
Given the potential complexity and severe penalties for non-compliance, businesses should seek professional legal advice to navigate this landscape effectively. This isn't just about adhering to the law; it's about building trust with customers, protecting the business's reputation, fostering a culture of responsible data management, and avoiding fines that since 2022 can reach over 50 million dollars!
Not sure where your data is stored? Need some help finding a provider that won't store, process, or transmit your customers' data outside specific locations? We can help! Get in touch today.