Finally, IT executives need to examine legislation which covers data including the Patriot Act which can apply to US-owned data centres located in Australia such as the new Rackspace facility.
According to Macquarie Telecom’s general counsel, Heather Tropman, Rackspace may not be able to ignore Patriot Act requests for data in its Sydney facility.
“The Patriot Act is widely recognised as having extra-territorial reach outside of just the US,” she says. Whether Rackspace has “set up a subsidiary company [in Australia] or not, they’re either a US company or they’re a US-owned company.”
Tropman says that her understanding of the Patriot Act process is that the FBI can issue a national security letter to Rackspace in the US, and then Rackspace would request the information from its Australian subsidiary.
Middletons’ Abbott says that if the data centre vendor is an Australian subsidiary and owned by a US company, then there is a conflict of laws that is “potentially going to occur.”
“For example, the US authorities may take the view that as it is a wholly owned subsidiary in Australia it is controlled by the US parent and therefore the US parent should respond to the order to deliver up by exercising its control on the subsidiary,” he says.
“The contrary argument is that the US company could say `we’d like to and sure, it is a subsidiary of ours but we cannot require our subsidiary to break the laws of its jurisdiction such as the Privacy Act and therefore we are unable to exercise that degree of control.”
This article and the comments within it should not be construed as legal advice
Follow Hamish Barwick on Twitter: @HamishBarwick