Cape Town - The location of your personal data has no relevance if the government requests a company to hand over information, says an industry insider.
The revelation follows a critical US court decision that forced Microsoft to hand over e-mails of a US citizen stored on a server in Ireland.
However, there is bad news for South Africans concerned about the integrity of their data.
"The location of where the data is stored does not allow a South African company to escape a legal obligation to hand over data when it is obligated to do so," JJ Milner, founder and chief cloud architect at Global Micro told Fin24.
The company specialises in cloud and data services and the recent Protection of Personal Information Act, commonly known as Popi, places new restrictions of how local firms can use personal information.
Data privacy
The US case has caused concern of how governments view data privacy and the implication is that any person's data can be requested, without their knowledge, anywhere in the world.
In SA, Popi has gone some way to limit how companies may share personal information.
Milner argued that local laws provided the best legal framework for defending your right to data privacy.
"A familiar legal framework provides a solid and practical option upon which you can assert your rights. The Popi Act, is an example of automatic protection that a South African user enjoys when it contracts with a South African cloud service provider."
Data encryption strategies may thwart officials trying to read private data. (Duncan Alfreds, Fin24)
Milner also advised individuals and companies to encrypt their data, saying that it could frustrate efforts to read private data.
"Where possible, make use of encryption. The key consideration here is that the local user retains the encryption keys within their own exclusive control, specifically out of the control of the Service Provider. So if the cloud service provider is compelled to hand over a local user’s data in secret, they are unable to do so, because they do not have the encryption keys.
"If the government agency wants the keys, it would have to approach a South African court to compel the user to hand over the keys, which would at least afford the local user an opportunity to protect its rights under South African law," said Milner.
US requests
For example popular US-based social network Facebook says that it will may share your information with authorities, subject to a court order.
"We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good belief that the law requires us to do so," the company says in its Terms.
It also says that personal data will be kept to improve services (which could also mean advertising) as well future iterations of the network.
"Typically, information associated with your account will be kept until your account is deleted. For certain categories of data, we may also tell you about specific data retention practices."
Milner said that Facebook would not hesitate to hand over personal data of South Africans if a US court made the request, similar to the Microsoft case.
"This is absolutely the case! Europe has already enacted legislation requiring European businesses to store their data in Europe, a decision that is expected to cost US cloud companies up to $45bn. The concerns highlighted by European Governments apply equally to all jurisdictions including South Africa."
- Follow Duncan on Twitter