Where is your employee data located?... And why does it matter?
As a business owner, you have several records to keep and store securely. Some of these requiring you to keep data for several years, such as your tax records. As part of your record keeping as an employer, you are required to keep time and attendance records for the same number of years as your tax records. Together with these records, you will also be keeping certain information about your employees, their contact details, personal details and in some cases their sensitive information.
But where are you storing that information? And what are your obligations as an employer as to where you store that information?
These questions are more relevant now than ever, with the advent of SaaS (software as a service) or cloud applications. A cloud application is basically a software program running on someone else’s computer, with them storing the information within that program where they choose. Cloud applications are typically running in large cloud computing environments that Amazon, Google or Microsoft provide with data being stored in large data-centers. But where are these data-centers that are storing your business information located? A common misconception for an Australian business owner is that, when they purchase an ‘Australian’ cloud application that the information or data saved within that application is then stored in Australia. This is typically NOT the case. Most cloud application providers use US or overseas data-centers to store information saved within their application.
What does this mean for you as a business owner?
We’ll that is up to you where you choose to store your business information. However, it is worth noting that if your business data is stored overseas then your data is under that countries privacy policies and laws, which can be very different to Australian privacy policies and laws. So, as a business owner you need to ask yourself, am I comfortable with the information I am storing within these cloud applications being under overseas privacy policies and laws? With so many popular cloud applications available in Australia using US data-centers, most businesses would follow trend and store their data overseas, either knowingly or unknowingly.
What does this mean for you as an employer?
Now as an employer, it is a different story. Because now it’s not just your business information you might choose to store overseas by using certain cloud applications, but now it’s your employee’s personal and/or sensitive information that you are storing. And under Australian law, employees have rights over their information. So, while you as a business owner might be comfortable with using overseas data storage, your employees might not be so comfortable with their personal information being stored offshore and under overseas privacy laws.
Under the Australian Privacy Act, employers must provide employees with a Privacy Collection Notice when collecting an employee's sensitive information. This can include their biometric information such as a fingerprint or facial recognition image. If you use a biometric time clock or an app that takes an employee's image for photo-matching, then you need your employee’s consent to collect this information and issue them a Privacy Collection Notice. The Privacy Collection Notice needs to include details on where you will be storing that information, and if that data will be stored overseas your employees need to have the details outlined on this notice. Your employees have the right to not provide their consent if they do not want their data stored overseas in a cloud application that uses an overseas data-center.
How can you find out where a cloud application stores its data?
Where do Aussie Time Sheets applications store their data?
The Aussie Time Sheets suite of products, Basic, Premier and Workforce TNA, give you the business owner control of your data. Each of these time and attendance applications store the data wherever you decide to install the application, usually on your local company servers. If you use cloud servers, then they can be installed there, with you choosing where your cloud servers are hosted. This means that as an employer using an Aussie Time Sheets time and attendance system, you are in full control of keeping your employee’s personal and sensitive information secure, within Australia and under Australian Privacy laws. Contact our friendly team today for more information on our software solutions.
Leave a comment
Comments will be approved before showing up.