Data residency is not data sovereignty. Making sure that your data is stored on a server located in Australia is only part of the story.
The large public cloud providers are subject t the “Clarifying Lawful Overseas Use of Data” or CLOUD Act. This came in to effect in 2018 and allows for federal law enforcement in the United States to compel U.S based technologies via warrant or subpoena to provide requested data stored on servers regardless of weather the data are stored in the U.S. or on foreign soil.
The U.S. authorities have used the Act in the past, with the most publicized case being Microsoft Corp. vs. United States . In fact, CLOUD Act was passed to end this legal dispute which was in the US Supreme Court at that moment. After its enactment, Microsoft agreed to the Department of Justice demand and released the emails from Israel.
For Australian businesses transacting sensitive data on behalf of Australian citizens, the CLOUD Act represents a risk. In fact for any Australian business, passing the custodianship of confidential data to foreign owned and operated technology companies risks significant reputational harm and commercial loss. It is your data and your business – keep it in Australia.
Incarta is a fully Australian owned business. We operate a secure private cloud for banks, insurers, health providers and any business small or large who believes that they have a responsibility to their clients to keep their data sovereign – not just resident.