Careful consideration is required by organisations when deciding how to store and secure data. A recent number of high-profile security breaches, including those at Medibank (October 2022) and Optus (September 2022), have triggered debate over the methods through which large organisations protect their data.
The global nature of business today is directly applicable to many industries, and this raises the issue and risk benefit trade-offs of onshore vs. offshore data storage.
When a company chooses to store their data onshore, they are strengthening their compliance position in relation to local laws and regulations. Since storage determines the resting location of data, an onshore storage location also simplifies considerations around secure transmission of data or the operational or transactional use of the data.
Offshore data storage, with data housed on servers located overseas may be more cost effective from a capacity and bandwidth perspective, but it may place your organisations at greater risk of unauthorised access to the data or increase the risk that data might be intercepted in transit.
Onshore Data
Pros
Cons
- Gives Australian citizens power to control their data.
- Gives citizens input as to what they allow the government to do.
- Better protected from unauthorised foreign interference.
- Processing speeds
- Easier to ensure compliance with the Australian Privacy Principles of the Australian Privacy Act.
- Usually, more expensive to store your data.
Offshore Data
Pros
Cons
- Usually, a more cost-effective storage method.
- Greater access to more services
- Benefits from other data security regimes if these are also relevant (i.e., systems built to comply with the EU General Data Protection Regulation)
- Powerless against any changes to data laws and regulations
- Risk of interference from foreign governments due to local legislation & associated powers
- Risk of corruption and theft
- Speed and Performance
Ensuring the privacy and protection of our user’s data is at the heart of our business. Our leading-edge background screening platform stores and interprets a wide variety of data. Kinatico solutions ensure that all data is managed to guarantee the preservation of individual privacy. Colin Boyan (Customer Engagement Manager) explains, “From the fully encrypted database through to the ongoing privacy and information security training provided to staff, CVCheck’s product platform and supporting services employ a layered approach to data security. Consistent with this approach, we choose to store all data in Australian data centres to help prevent unauthorised access by foreign state actors and offshore threat vectors.”
Concerns about the security of data and data storage centres has given rise to an increasing number of consumers enquiring about the removal of their personal information such as identity documents or other sensitive records.
The Australia Privacy Principles (APP) include the requirement in APP 11.2 that entities should delete or de-identify information that is no longer needed.
According to the (OAIC (Office of the Australian Information Commissioner) Where there is no requirement or justification for information to be retained, entities must take reasonable steps to destroy or de-identify personal information.
CVCheck promotes transparent use and control of individual data by creating a secure account for every user who is screened through our system. This put control over access to that data in the hands of the customer so they can exercise their rights as to how their data is accessed, transferred, handled, and retained.
Colin explains, “Importantly, individual users own and control their data and can request its removal at any time. However, most users weigh up their privacy and security concerns against CVCheck’s strong track record and security certifications and then choose to retain data in their secure account with CVCheck to use again for future job applications.“
The importance of safeguarding user data and the need for careful consideration when determining data storage and security measures cannot be understated. CVCheck prioritises data privacy and employs robust security measures over a fully encrypted database. These systemic measures are supported by ongoing operational training for all staff.
