Unwarranted fear has been spread over the years that Google is not compliant with privacy laws and that using it puts you and your business at risk. The concern is especially prevalent if you’re in the healthcare or financial industries here in Australia, where privacy regulations are observed more strictly than in others. In this video, we discuss how G Suite does its part in helping you observe compliance as a business owner, and we break down the misconceptions attached to how Google encrypts your data. Watch and learn how you can further comply with privacy principles and secure your business and your clients’ data at all times.

To learn more about G Suite, contact our team.

Transcription
G'day, Peter Moriarty here. I've got a couple of questions today. One from Sue and one from Melissa, asking, does G Suite comply with Australian privacy standards? We've been hounded with this question for years and years and years by medical professions and also those customers who are in the financial services industry and who are regulated by AHPRA and have more stringent privacy regulations on their businesses. Now there seems to be a lot of fear, uncertainty and doubt spread by, I'll say the more traditional old school IT guys who are very Microsoft focused who say, “Google is bad. They don't respect the privacy laws. Putting things on Google is evil, you should stick with Microsoft.” And they've been very successful in scaring many of our customers to believe that Google is not compliant with these privacy laws.

So let's have a chat about what the actual privacy laws are. And I have to preface this by saying that I'm not a lawyer, I'm not a consultant and you need to seek your own advice on this because the most important part of the privacy laws is that you are responsible to be compliant. As a business owner you are the one who is responsible for actually making sure you're in compliance with these and so your IT person can't be blamed. Your lawyer can't be blamed. You are the one who is responsible, so make sure you get your own advice just to check this. But I'm going to give you my broad understanding of the privacy laws, how they're applied and how they relate to G Suite based on my personal experience, my personal research and speaking with Googlers in Sydney, who've come across this question from business owners.

So privacy laws, they're applicable to everyone who is over $3 million in revenue, if you're an Australian business or if you're under $3 million in revenue and you're in the medical services field in some areas, if you're regulated by AHPRA, you are not technically governed by the more stringent privacy laws, but you do have other privacy protections that you do have to have in place. And what these privacy laws state in my interpretation is not just that you have to keep data in Australia. That's a very common misconception.

What they actually refer to is how you store, how you protect data and if you use any third party storage solutions or third party digital access management systems, you also need to make sure that they are responsible in how they store and how they access data. And that's where the confusing bit comes in because Google is effectively an additional party and Google has some of those files stored offshore. And so people kind of conflate the two and think, okay, Google equals bad equals not compliant. That's not my personal opinion of the situation.

So how is Google actually compliant and how does this compliance fit in to you and your business? Well, Google does have extremely stringent policies and procedures on how they store and encrypt your data. So when you transfer data from your computer or from your Google Drive into Google servers, yes, they're going to be replicated in multiple different geographic locations, some of those being outside of Australia, but Google can't actually see your data because all of that data is actually encrypted, and unless you say to Google, “Hey, I need help with support,” or somebody reports your account somehow for malicious activity or copyright infringement, then Google is basically not going to see or look into your data. So effectively Google are not handling your data because they're not actually going in and reading your spreadsheets or reading your emails or anything like that. All they're doing is encrypting it and storing it in a special location.

That data on Google servers is also encrypted at rest, so it's encrypted between you and Google as long as you are using their web services or any of the other Google services. It's also encrypted when it lands on their servers and it's encrypted when it's replicated between their servers as well. So all of that data is safely secured in Google systems. What's your responsibility as a business owner? Well not only to use a reputable vendor of which Google obviously is, but you need to also protect the endpoints of where you are accessing data, where your team are accessing data, including when as well.

That's where you've got to be really careful because with a Google account, if you just have a username and password to access that account, well it might be easy enough for someone who steals your Google account and your password to get access to that account. Especially if you can use the same password for many different websites, which I know that many people are guilty of, don't lie. So how do you protect that? Well, within the Google ecosystem, Google have some great options for security. Apart from all of the encryption which is built-in, you can also enable something called two-factor authentication onto your account.

So that two-step verification works with your mobile phone, it'll send you a text message or a pop-up prompt or you can get a six-digit code via an app and that will only let you log into your account when you have your phone with you. And now that's when you log into a new device. You log in once it's saved, you log in for 30 days kind of thing, but when you access a new device, it's only going to let you log in if you physically have that mobile device there as a second factor device.

What that does is greatly increases the security of your account because if somebody gets access to your username and your password for your account somehow, well that means they get access to absolutely everything in your account and potentially your customer's data and information as well. So be very careful with who you give access to with your Google account. Make sure that you roll out two-factor authentication, that's very easy to do from the administration panel and your account will be secured, but of course to make sure you are in full compliance with the Australian Privacy Principles, you want to make sure you speak to an expert about that and just confirm that things are good. But the notion that Microsoft is more secure than Google or that Google isn't secure or that Google's privacy is not up-to-date on this is absolute hogwash. That's just a lie from the IT industry who want to keep you locked into the Microsoft and locked in to paying them lots and lots of money for IT services, which we are all against.

So if you want to have a look at how Google actually deals with your data and how they deal with privacy, particularly respectful to the Australian privacy protections and Australian data privacy laws, you can just Google it, Google @googlegsuite and Australian privacy protection and you will find they have a white paper on that with all the information that you need. Now if you need any help with your G Suite account, if you'd like help rolling out two-factor authentication, if you would like a security audit, if you want to make sure that your sharing settings on your Google Drive are correct so that no one can accidentally share files outside of your organization.

There's some really cool policies that we can apply, are very useful financial services businesses and also for those in the medical or healthcare industries, then get in touch with our team. Head along to itgenius.com or drop us a message right here on Facebook and we will be very happy to help. If you have any questions, drop them below this video and I look forward to answering your questions where possible and answering any others in a new video. Take care.
