About OPC
The Office of the Privacy Commissioner (“OPC”) has made the decision to store its data in the cloud, using Infrastructure (IaaS), Platform (PaaS) and Software as a Service (SaaS) products as part of Microsft Azure and Office 365.
- The Microsoft cloud solution best meets our infrastructure requirements and effectively addresses our current system constraints.
- Taking into account government policy, the law and a risk-based approach, the Microsoft cloud solution remains the preferred and prudent option.
- Microsoft offers industry leading data security, and better data security than we can currently deliver.
- We are comfortable that the regulatory framework in Australia is adequate and provides an equivalent level of protection.
- The storage of our data on an offshore cloud solution involves a theoretical risk that an overseas government or law enforcement agency could make a request for our data. However, the likelihood of this occurring is extremely low.
- Adequate contractual and process controls are in place to ensure that any lawful request will be redirected to us for consideration.
- The combination of assurances, contractual provisions, independent audits and certifications, and the applicability of local and overseas privacy regulations will effectively ensure that we have meaningful control over our data while it is stored in the cloud.
- Making this PIA available, updating our privacy statement and taking steps to engage with any concerns will effectively ensure that we are as open and transparent as possible about our use of offshore public cloud services.
- On balance, we are satisfied that the Microsoft solution provides the best overall outcome, delivering to all our needs while reasonably protecting individual privacy.
Read our Privacy Impact Assessment on the use of Microsoft cloud services (review report 14 June 2023). Opens to PDF, 783 KB.
Read our Privacy Impact Assessment on the use of Microsoft cloud services (29 August 2019). Opens to PDF, 504 KB.