A policy for yes the Government’s use of cloud computing has been released. Attorney-General, Mark Dreyfus and Minister Assisting for the Digital Economy, Senator Kate Lundy said the policy would ensure Government agencies could take advantage of the opportunities enabled by cloud computing and the National Broadband Network while maintaining the privacy, security, integrity and availability of personal information.
Attorney-General, Mark Dreyfus said the policy would also help decide when to allow work to be done overseas or outsourced on a case-by-case basis. The policy builds on the National Cloud Computing Strategy released in May 2013. A key goal of that Strategy is that the Australian Government will be a leader in the appropriate use of cloud services.
Senator Lundy said the Government was an enthusiastic supporter of new technology such as cloud computing, ”especially where it not only facilitates government business but helps us get the best value for the taxpayer dollar”. They said Government held much unclassified data which, subject to a risk assessment, could be stored in a public cloud. But information that required privacy protection required stronger safeguards.
Mr Dreyfus said he had paid special attention to the security of personal information, which people expected would be treated with the highest care by all organisations, but by government in particular. “Safeguards have been incorporated so that before personal information can be stored in the cloud, the approval of the Minister responsible for the information, and my own approval as Minister for privacy, must be given,” he said.
“The safeguards we have put in place will ensure the Government can take advantage of cloud computing to reduce storage costs and improve efficiency while still ensuring the external storage and processing of data only occurs where the privacy of personal information can be properly protected.”
Under these arrangements information that doesn’t require privacy protection can be stored and processed in outsourced and offshore arrangements after an agency level risk assessment. Privacy protected information can only be stored and processed in outsourced and offshore arrangements with suitable approvals in place.
The relevant portfolio Minister, and the Minister responsible for privacy and the security of Government information, currently the Attorney-General, will also need to agree to the arrangements. Security classified information cannot be stored offshore unless it is in special locations (such as Australian Embassies) or under specific agreements.