Data Sovereignty and the Cloud report

This research and policy report examines the technology of the cloud, insurance risk issues around data sovereignty, approaches to assess and minimise this risk, comparisons of legal means of accessing data held by Australian companies under local and US jurisdiction (where many cloud services originated), and options for including these issues in existing organisational data risk analysis and management processes. European perspectives are also considered.

Data Sovereignty and the Cloud: A Board and Executive Officer’s Guide -
Technical, legal and risk governance issues around data hosting and jurisdiction

By David Vaile, Kevin Kalinich, Patrick Fair and Adrian Lawrence
Cyberspace Law and Policy Centre, UNSW Faculty of Law, with support from NEXTDC, Baker & McKenzie and Aon.
Version 1.0, 2 July 2013

Launched at media conference at Baker & McKenzie's Sydney office by Mr Chris Chapman, Chair and CEO of ACMA, with moderation by Steve Wilson of LockStep Consulting of a panel of Craig Scroggie (NEXTDC CEO), Eric Lowestein (cyber-risk expert from insurer Aon), Adrian Lawrence (co-auther and partner from Baker & McKenzie) and David Vaile (co-author from CLPC).

URL: http://cyberlawcentre.org/data_sovereignty/

Alternate sources for full version :

  1. Vaile, David; Kalinich, Kevin; Fair, Patrick; Lawrence, Adrian, "Data Sovereignty and the Cloud: A Board and Executive Officer's Guide" [2013] UNSWLRS 84, http://www.austlii.org/au/journals/UNSWLRS/2013/84.html

  2. David Vaile, Kevin Kalinich, Patrick Fair, and Adrian Lawrence, "Data Sovereignty and the Cloud A Board and Executive Officer’s Guide" (December 2013). University of New South Wales Faculty of Law Research Series 2013. Working Paper 86. http://law.bepress.com/unswwps-flrps13/86

  3. Vaile, David and Kalinich, Kevin P. and Fair, Patrick V. and Lawrence, Adrian, "Data Sovereignty and the Cloud: A Board and Executive Officer's Guide" (December 16, 2013). UNSW Law Research Paper No. 2013-84. Available at SSRN: http://ssrn.com/abstract=2369660

 

Addenda (further documents coming to light since v1.0 went to print, for inclusion in the next revision's References section):

NB: a number of major developments in other jurisdictions around IT security and surveillance also occurred shortly after the publication in July 2 2013. The reader is invited to build on material in the report in the context of these developments. Further work may be done by the authors on these matters.