AGIMO's "Best-Practice Guide" to cloud deployment says cloud computing "poses a range of privacy issues" that need addressing through legal, contractual and operational procedures between agencies and cloud service providers.
"Where an agency cannot adequately address its privacy obligations, it will not be appropriate to transfer that information into a public cloud environment."
Australia is aware of global issues surrounding the privacy and security of information in the public cloud, says AGIMO's First Assistant Secretary, Glenn Archer.
Government "checkpoints" for cloud deployment will help monitor how personal information is stored and processed, where this information is located, and how data breaches are tracked and notified.
Cloud data storage and cross-border privacy legislation also come up for scrutiny.
The Office of the Australian Information Commissioner says agencies should carefully assess "potential privacy impacts" from cloud services through "Privacy Impact Assessments." These assessments can determine if cloud services offer the best ICT migration path.
Australia is working with international and national bodies to tackle cloud privacy and security concerns, including the International Standards Organisation / International Electrotechnical Commission Joint Technical Committee 1 (ISO/IEC JTC1) and the Australian National Standing Committee on Cloud Computing.
Organisations involved in cloud privacy and security policy include the Defence Signals Directorate, National Archives of Australia, Australian Government Solicitor, and the Department of Finance and Deregulation.