that it doesn't matter where data is stored so long as privacy risks are understood and mitigated. We strongly disagree.

Any data sent out of New Zealand is subject to greater risk than if it was kept onshore.

As outsiders, kiwi companies and organisations are at a disadvantage when trying to protect data that is sent overseas.

As non-citizens, there's less protection for us, and less bargaining power.


Sure, it's a good idea to understand and minimise risk, but in other jurisdictions like like Australia, Singapore or the US, there are very different ideas about privacy, security and whether it's ethical to take control of someone else's data .

These situations are complex and ever-changing.

Additionally, there is much to be concerned about where parent companies (like Amazon, and Microsoft) are based in the US.

In 2014, a US judge ordered Microsoft, under the Stored Communications Act, to hand over data belonging to an Irish citizen, held on its cloud email service in Ireland. This violated Microsoft's own terms of service.

The order completely bypassed Irish privacy legislation too - because Microsoft is a US-based company, the case fell under US law.

Microsoft challenged the case in court, but the issue is far from settled and law governing the issue is in a state of flux.

More recently and chillingly, Donald Trump's Department of Justice demanded that cloud company DreamHost hand over details of everyone that had visited a site perceived to be "anti-Trump".

There's also the issue of the Southern Cross Cable.


There is a single link between New Zealand and Australia, with no direct back up. If this direct cable fails, New Zealand users of Australian cloud services could find their data taking the long route to and from Australia, via Hawaii.

This would result in significantly slower response times - a potential dealbreaker for consumers.

Cloud services can provide excellent disaster recovery support for businesses - unless the disaster also affects access to the cloud.

Our links to other countries further afield are similarly fragile. It's just not realistic to assume our access to overseas data storage is bulletproof, because it isn't.

There are local cloud providers in New Zealand, as noted in Juha's Saarinen column last month.

One of them is the Catalyst Cloud which has been providing a safe, secure and local solution for New Zealand for the last five years.

Our profits stay in New Zealand, and we pay our fair share in tax.

Our price and features truly compete with international providers, and our multiple data centres ensure our capability in disaster recovery.

We guarantee our customers' data will never be sent offshore, as well as offering low latency overseas providers just can't match.

We'd encourage government agencies and local businesses to look again at local alternatives to using overseas cloud providers.

Kiwis should have the right to expect their data will be safe, secure and available - and kept in New Zealand.

Don Christie is managing director of Catalyst, a Wellington IT company.