Data sovereignty vs data residency.

Data sovereignty and data residency are terms that are often used interchangeably, and to such an extent their different meanings have become confused.

Data residency refers to the physical location of where data is stored, and is an important term for commercial and taxation purposes.

Data sovereignty refers to the jurisdictional control that can be asserted over data because it’s physical location is within jurisdictional boundaries. Data sovereignty is an important term for regulatory and data security purposes.

Why data sovereignty is important.

Macquarie Government and data sovereignty.

Our people.

100+ Australian Government cleared NV1 cloud specialists providing local support and protection.

Our data centres.

Macquarie Government owns and operates three secure data centres in Canberra and Sydney to provide your agency with complete control over Australian government data.

Australian owned.

Macquarie Government is proudly owned and operated by Australians. As a sovereign cloud provider we are not subject to changes in foreign laws or regulations that could impact access to your local data from overseas parties.

Australian Signals Directorate, ASD, Australia map

Learn more.

Data sovereignty is a cornerstone of Macquarie Government. We are and always have been Australian owned, located and staffed. We ensure our customers’ data stays here.

To learn more about data sovereignty or how Macquarie Government can help you keep your data safe contact us today for a free consultation.

Talk to us.

We are always here to answer your enquiries.

Enquiry Sent.

Thank you for contacting us We'll get in touch in few minutes.

Citizen and business trust is essential for government digital services.

Australians will not embrace government digital services if they don’t trust their personal details will be protected and kept onshore.

Headlines of government agency breaches, data leaks and outages erode citizen and business trust in governments’ ability to offer secure digital services.

Storing data with the local arm of a Global Cloud Services Provider (GCSP) introduces a new threat vector which unnecessarily increases the risk of Australian data being sent offshore or accessed onshore by foreign parties.

This is particularly alarming when in a 2017 study the majority of Australian respondents (93%) expressed they don’t want their data sent overseas, and 79% don’t want their data shared with other entities (OAIC survey).

“Trust is the cornerstone of the digital economy. Without it, Australian digital businesses cannot use and share the data that underpins their operations.” Accenture

Consumers are far less inclined to trust government apps. Significant distrust for government apps saw the sector come in at 8 out of 10 — down from third since last year.” 2019 Deloitte Australian Privacy Index.

Avoid a new threat vector.

Holding data with a Global Cloud Services Provider (GCSP) exposes your data to a new threat vector – changes to international laws can impact GCSPs, which may in turn have an adverse effect on your local data.

It’s reasonable to expect data held offshore would be subject to offshore laws, but even data held within Australia by a foreign-owned GCSP may be subject to the lawful collection by another country without warning, according to the Australian Government’s Information Security Manual.

Avoid threat vector icon
Unnecessary cost icon

Avoid significant ongoing and potential costs.

International laws change all the time and without notice, and these changes can impact data held locally with a global cloud services provider (GCSP).

When you place your data into the hands of a GCSP it becomes susceptible to impacts from foreign law changes, even though your data resides on Australian soil. The responsibility rests with agencies to continually monitor for offshore law changes that may impact the accessibility of data by foreign parties.

The potential costs of an urgent migration from your GCSP to avoid the impact of an offshore law change can be enormous. Avoiding these potential migration costs and the cost of continually monitoring foreign laws is a significant benefit of keeping your data with a locally owned and operated cloud provider.

What’s more, GCSP pricing is determined overseas with little local consideration and is subject to greater volatility due to foreign exchange fluctuations. One last tidbit – government budgets spent on GCSP services leaks potential tax revenue offshore.

Achieve compliance assurance.

The risk of cyber-security attacks is increasing – there are more threat actors (criminals, nation states, non-state terrorists, lone wolves and hacktivists), and the frequency, sophistication and impact of cyber-security attacks is growing.

Governments are compelled globally to increase government and corporate regulations to improve data and system security. Think the Whole of Government Hosting Strategy, Mandatory Data Breach Notification and the Australian Signals Directorate mandatory top four mitigation strategies.

Hosting your data in Australia with an Australian-owned provider who is subject only to Australian regulations is likely to incur less compliance hurdles that a global cloud services provider.

Compliance checkbox icon
eye-icon

Avoid unauthorised access.

Even though your data may be hosted locally by a global cloud service provider, their staff in various jurisdictions abroad can access your data, network and storage configuration details, and will have hypervisor access.

This circumvents the authority and control governments can exercise in their own jurisdictions.

Alternatively, governments who host their data with wholly-owned local providers with government-vetted staff can maintain control over the confidentiality, integrity and accessibility of their data.