Up, Up, and Into the Cloud

26 July 2016

As published in CK Momentum Issue 7 (Click here to download)

As a small business or an early stage startup, you may not necessarily be bound by the requirements of the Privacy Act. However, your clients may themselves be subject to its provisions and will want to be assured that you are compliant in order to satisfy their own privacy obligations. So, big or small, at some point or another it is likely you will have to demonstrate that your business complies with Australian privacy laws and has in place appropriate data security measures.

One particular area of concern is cloud computing. For an increasing number of Australian businesses, moving towards cloud based solutions makes sense. Cloud based offerings are particularly attractive to startup businesses as they almost eliminate upfront capital expenditure on IT infrastructure and offer scalability and flexibility. However, before you sign up for cloud based services, you should shop around to find a reputable cloud provider that is right for your business. One important consideration is the location of the cloud provider’s infrastructure. Storing your data outside of Australia is not necessarily an issue under the Privacy Act, unless a third party has the right to access and use the data. However, there still might be important commercial considerations. For example, last year Luxottica Retail Australia (which owns the OPSM brand) lost a lucrative contract with the Australian Defence Force (“ADF”) after the ADF discovered information about its personnel had been stored offshore, in breach of Luxottica’s contract.

By putting data into the cloud, you are putting the security of that data in the hands of your cloud provider. Before you do so, make sure you have undertaken due diligence on your cloud provider and the terms of your service agreement places obligations on the provider to store your data securely and comply with any applicable privacy and data security laws and standards. The risks associated with cloud computing can be mitigated by having appropriate contractual protections in place with your cloud provider.

 

This bulletin is produced as general information in summary for clients and subscribers and should not be relied upon as a substitute for detailed legal advice or as a basis for formulating business or other decisions. ClarkeKann asserts copyright over the contents of this document. This bulletin is produced by ClarkeKann. It is intended to provide general information in summary form on legal topics, current at the time of publication. The contents do not constitute legal advice and should not be relied upon as such. Formal legal advice should be sought in particular matters. Liability limited by a scheme approved under professional standards legislation. Privacy Policy

Subscribe

…and we’ll email you valuable insights into issues affecting you and your business.

More Insights

How can you avoid unfair contract terms?

How can you avoid unfair contract terms?

By Brad Vinning and Ruby Mackenzie-Harris Business is booming, however... Have you heard about Prospa? This startup shot to Australian Financial Review fame in early June this year. It is an online lender which offers unsecured business loans to small businesses which...

read more