web analytics

Bill Bennett


Data sovereignty in New Zealand

Last year Internal Affairs Minister Chris Tremain told The Dominion Post government could make big savings moving public service computing to the cloud.

The same is true for every organisation in New Zealand. It’s not just about saving money. Cloud computing is more flexible and less trouble.

Tremain went on to say government could save more money by using overseas cloud services. He said the cost savings improve as you go further offshore.

That’s also true. But those extra financial savings come with a different cost attached. Data sovereignty is not often talked about in New Zealand, it’s a huge issue in Australia.

What they don’t tell you about data sovereignty

Multinational cloud service providers prefer it when customers don’t ask awkward questions about data  sovereignty. They often dismiss it as insignificant, or argue that it is nothing for you to worry your pretty little head about.

Maybe it isn’t. Yet the moment your data leaves New Zealand other nation’s laws kick-in. In some cases more than one other nation’s laws. That can quickly get tricky.

You are responsible

It is the data owner’s responsibility to make sure everything complies with the local laws in the country or countries where the data is stored. For data stored in the US, this means the government can access your information without a warrant whenever it chooses. Store your data there and you could be in breach of privacy legislation elsewhere.

Australians worry about data sovereignty because their laws prevent certain types of information being stored overseas. New Zealand businesses operating in Australia, need to keep this in mind as they plan cloud projects.

US laws apply to US companies even when they host data from other countries in other countries. The way US law works means it’s possible the cloud company may be forced to hand over information to the US authorities without seeking your consent or even letting you know that it happened.

Why you need to care

All this may seem a little fussy after the recent revelations governments routinely snoop on data. Yet there are still practical legal matters to worry about. Should anything happen to your cloud project that involves going to law, there’s a good chance the action will take place in a foreign court and be subject to unfamiliar rules, concepts and procedures. All of which could quickly get expensive.

I’ve heard stories of companies saving money from hosting cloud projects overseas, only to see all the savings go up in smoke in a foreign court room.

Another problem is the costs of running overseas clouds can be less clear than operating in New Zealand. Overseas cloud providers don’t necessarily have to worry about the same contract transparency rules as in New Zealand. You may find unexpected extra charges. Good luck getting overseas lawyers to sort that out for you.

None of this means you should avoid using an overseas cloud provider. Just be aware of the risks – they don’t tend to get mentioned in the sales literature.



9 thoughts on “Data sovereignty in New Zealand

  1. This is exactly the reason I pay an exhorbitant amount for an NZ based hosted server. I could save a lot by hosting sites overseas but I cannot in good faith store client information off shore.

  2. I think if the gov’t can’t get at least a good a deal in NZ than even AUS they need to ask themselves why and also if they’re keeping mind NZ jobs, tech jobs even, made by creating the necessary conditions for it to be.

    Stop spending expletive amounts on expletive foreign software and sit down with real Kiwis who use the systems in place now; on the front- and back-end and devise an NZ cloud platform that runs NZ-based software with open protocols so we benefit the whole nation and probably a lot less of a debacle than Novopay.

  3. Good commentary. There is no silver bullet to the issue, every customer I deal with has a different view and in some cases, legal requirements.

    I worked on the Government Cloud Programme around the time that Chris Tremain put out those releases. The issue that we struggled with was cost. It was between forty and two hundred times more expensive to use local Cloud.

    The trick is balance. For your most precious data, keep it close to home and pay the premium, for stuff that is less important and less interesting to spies, put it overseas.

    1. Assuming those low overseas prices are not just down to scale, it means there’s a business opportunity for someone to build a local cloud facility and charge, say, 10 times the going international rate.

      1. Absolutely. There are a few start-ups starting to come up through the cracks, but we’re not seeing a big surge. I can name four small companies that would be attractive to the SMB and four that would be attractive to enterprise.

    2. I would be interested in the price breakdownl is is due to using established companies or building infrastructure, or Internet costs…

      1. Good question. Bill is right about scale. Amazon will charge you 1c per GB of disk for example. The cheapest I’ve seen (backup service) is 15c. It goes up from there. For a large enterprise is sits between 40 & 90c.

        Its the building the infrastructure that costs. Once you’ve got a few dozen customers you can drive prices down (Amazon has made over seventy consecutive price drops in the last two years).

        1. I suspect one thing holding NZ cloud builders back is that they need to get a relatively fast payback from their investment. US companies can often spread the cost of buildings and large scale infrastructure over decades. Also the cost of a physical building and connecting a new data centre would be high compared with overseas. But we are not talking orders of magnitude here.

Comments are closed.


%d bloggers like this: