The growth of cloud computing may mean an update to regulations protecting Australians' personal data is required, according to Australian Communications and Media Authority (ACMA) chairman, Chris Chapman.
"Many of the existing personal data protections were developed in a pre-Internet age," Chapman said at the launch of a whitepaper outlining data sovereignty issues facing businesses.
The paper was co-written by the University of New South Wales, insurance company Aon and lawfirm Baker & McKenzie, and sponsored by data centre provider NextDC.
"The developing nature of cloud services has brought many new service providers to the Australian market [and] many are not communications market players as they're currently defined in existing legislation," Chapman said.
Those new players "may not be familiar with existing regulatory obligations such as the consumer safeguards and protections."
It's "inevitable" that law will lag behind technology, said Adrian Lawrence, a Baker & McKenzie attorney who co-authored the data sovereignty whitepaper.
"Businesses will move faster than the law can keep up."
It's even more difficult for government to keep up with cloud because cloud is an international issue, he said.
Chapman called for a "unified, coherent regulatory framework" for cloud computing. He referred to a paper released last month by ACMA supporting an industry-written cloud computing code of conduct to improve consumer confidence in service providers.
"From a regulatory perspective, the ACMA sees that there is a clear and present collective need to address concerns about personal data protections, and also understands that these issues are a complex environment that spans national and international law," he said.
Nearly 71 per cent of Australians use a cloud computing service, but few understand how cloud works and even fewer understand related data protections, Chapman said. Industry must offer citizens adequate information and protections so they may better assess the risks, he said.
"Confidence is critical," said NextDC CEO Craig Scroggie.
"As an industry, we're really only ever one disaster away from eroding confidence that has built up over time in cloud computing."
However, Scroggie and other officials said much uncertainty about data sovereignty and other issues related to the cloud exists among CIOs.
NextDC customers consistently ask about their issues around data sovereignty and data breach notification, said Scroggie.
"We still have customers who are uncertain about what their obligations are," he said.
Location of the data centre is a top concern for CIOs, according to Stephen Wilson, principal consultant at Lockstep Consulting, specialising in privacy, digital identity and authentication. CIOs want to know where the data is, how to be sure a data centre is meeting Australian jurisdictional obligations, and what new obligations arise if a data centre is located overseas, he said.
Sign up for CIO Asia eNewsletters.