The New Zealand Office of the Privacy Commissioner (OPC) has entered into a contract with Microsoft to store all applications and data on external servers. After conducting its own Privacy Impact Assessment on the use of Microsoft cloud services, it will store the data in Microsoft’s data centres in Sydney, with possible backups in Melbourne.

“We are satisfied that the privacy laws in Australia provide an equivalent level of protection to New Zealand law,” it said in a statement.

“We are satisfied that Microsoft’s Azure and Office 365 services will meet our needs while protecting individual privacy.

“We have evaluated the risks and believe that Microsoft offers industry-leading data security, and better data security than we can deliver ourselves. “

“This commercial arrangement will ensure that we are able to access state-of-the-art support and security at a fraction of the cost at which we could do it ourselves, or through any onshore provider. This means that our data is safer, and we have more resources to deploy for to other parts of our business. Our move to an externally hosted environment is consistent with government policy to encourage the uptake of outsourced data storage and processing.”

The privacy impact assessment (PIA) explains the context for the move, the key privacy risks, and why the organisation is satisfied that it can overcome those risks.

“Microsoft’s terms of service, along with local and overseas privacy regulations, will make sure that we have control over the data while we store it in Microsoft’s data centres. Microsoft also undergoes regular independent audits of its compliance with international standards.

“We have made our PIA publicly available to reassure the New Zealand public that we have made a careful and safe decision about the way we handle the personal information they entrust to us.

The full Privacy Impact Assessment is available HERE.