Head in the ‘Clouds’ a Privacy Risk

At Loyola College all personal information, such as staff and parent/guardian contact information and student medical details, is stored only in Australia, both on onsite servers and redundantly on backup servers hosted externally to the College. The College also periodically reviews its privacy provisions to ensure it complies with its legal obligations.

In the interests of keeping parents/guardians informed about privacy issues that may impact family members, I would like to draw attention to the following concerns in relation to signing up for Cloud services, including email and social media services:

1. Take the time to read the site’s Privacy Policy, as it should describe how the organisation will use personal information and stipulate what steps the organisation will take to protect said information.

2. Determine in which jurisdiction(s)/countries personal information will be stored, as this impacts on the level of protection afforded to that information. Specifically:

• In Australia, as in many other countries, the Australian Privacy Provisions (APP) governs how data is controlled and processed.
• Some countries have stronger privacy regimes than others. For instance, the European Union and New Zealand afford the strongest protections for personal information. Next comes Australia. Unfortunately, the United States, home to Google Inc (Gmail), Apple and Facebook, due to its Patriot Act (anti-terrorism legislation) it does not provide as strong a privacy regime as does the EU, NZ or Australia. Although Google will ‘self-certify’ under Safe Harbour Principles, there are no guarantees that an Australian’s personal information held by Google will be protected to the same level compared to data that is stored in Australia.
• In some cases, it may be possible to request that personal information be stored in Australia; both Microsoft and Amazon allow this for some services.

So, when signing up for Cloud services, don’t have your ‘head in the clouds’ in relation to the protection of your private data. Take the time to read up on how the site deals with your privacy: if the organisation does not provide adequate protection for it, then think twice before signing up!