New cyber strategy to consider data localisation rules: O’Neil

Brandon How

Home Affairs and Cybersecurity minister Clare O’Neil is considering local data storage requirements in Australia to improve the security of sensitive data, as the government begins work on a new cybersecurity strategy.

Following her address to the National Press Club on Thursday, Ms O’Neil described data localisation as “really important” and said that it is “absolutely untrue” that data can be held equally safe wherever it is located.

“Data localisation is going to very much be a feature of the discussion that the cyber strategy has, and indeed the work of the National Resilience Taskforce does,” she told

“We have existed for a long time in the benign belief that wherever data is located it can be equally held safe and I think anyone who kind of pays vague attention to these matters knows today that that is absolutely untrue, so it’s part of the work with my department.”

Earlier this year and following similar moves in other countries overseas, the government consulted on the appetite for data localisation in Australia as part of a planned National Data Security Action Plan.

Submissions from the likes of Google Cloud, Amazon Web Services, Meta, and Atlassian were critical, arguing that stricter local data storage requirements does not inherently lead to improved cybersecurity.

State governments and CSIRO were more open, with CSIRO advocating that SME business data should reside and be processed “within Australian jurisdictions” as it contains intellectual property and business intelligence.

Minister for Home Affairs and Cybersecurity.

On Thursday, Ms O’Neil would not comment on specific feedback from big tech companies, instead highlighting the need to “navigate” views on business costs with other concerns.

“In terms of specific feedback [from] tech companies, you always get a whole variety of feedback,” she said in response to questions from

“I think some people recognise this is crucially important. Others see it principally as a cost to their business, and we just have to navigate those different views.”

Any new data localisation regulation would build on existing requirements for the completion of financial compliance audits, ensuring overseas disruptions do not affect financial system operations, and some sensitive personal information, such as My Health Record data.

However, several free trade agreements signed by Australia, such as with the United Kingdom and Singapore, include commitments to restrict the implementation of data localisation laws, with some exceptions.

Ms O’Neil also announced the expert advisory panel led by former Telstra chief executive Andrew Penn that is assisting with the development of a new cybersecurity strategy.

She also announced the formation of a National Resilience Taskforce which would consider how to deal with “shocks and crises” from global threats such as climate change and cyberattacks.

The minister told the National Press Club that Australia was awakening from a “cyber slumber” as “new tools of statecraft are bringing what would otherwise be global security challenges in our everyday lives”.

“It’s felt in our private lives where our identities are under threat, and personal information is at risk. It’s felt in business and research, where Australia’s hard won innovations are at a constant risk of theft,” she said.

Do you know more? Contact James Riley via Email.

Leave a Comment