Recent headlines about the US National Security Agency's surveillance program PRISM have heightened Australian businesses' concerns about data sovereignty, officials said.
"Three months ago, not many people thought it was interesting," said David Vaile, report co-author and UNSW executive director of the UNSW cyberspace law and policy centre. "Today they do."
Many NextDC customers' concerns about data sovereignty surfaced after the PRISM headlines broke, Scroggie said.
A similar thing happened when it was revealed that US soldier Bradley Manning had passed classified material to WikiLeaks, he said.
The authors of the whitepaper said that data sovereignty is an issue that can't be ignored by anyone in an organisation.
Among other suggestions, the whitepaper advises that cloud customers review international laws that may govern their data, ensure their cloud provider complies with local laws in the jurisdiction where data is stored and check whether the business's data is covered by the provider's insurance policy. The paper also recommends that businesses carefully assess what data must be housed in Australia.
"It's no longer just an IT responsibility," said Eric Lowenstein, client manager at Aon. "It is something with which you need to engage all stakeholders in your business. That includes legal, communications, marketing, the CFO and CEO, he said.
"It's clear ... that data stored offshore will be subject to the laws of the jurisdiction in which it's stored," said Lawrence. "Consumers, businesses, anybody who wants to deal with data needs to accept that proposition and deal with it."
Sign up for CIO Asia eNewsletters.