CommBank won’t store data offshore



blog If you’ve been reading Delimiter for a while, you’re probably aware by now that Commonwealth Bank of Australia chief information officer Michael Harte is a huge fan of the cloud. There was the time back in April 2010 when the executive called for banks to band together to force vendors into changing their attitude on cloud computing, and most recently, there was the time Harte rocked up at the launch of Amazon’s Australian datacentre, telling the audience that anti-cloud excuses were “pure garbage”.

That’s why we’re surprised to see another of the bank’s IT executives, David Tannis, pooh-poohing offshore public cloud storage platforms in an article on iTNews today. The publication quotes Tannis (we recommend you click here for the full article):

“The policy needs to be clear,” said Tannis. “We like our data managed by the company, for the customers and kept here in Australia.”

To be honest, we’re a little surprised to hear this kind of sentiment emanating from CommBank. It’s now not that unusual in Australia’s financial services sector to see de-identified customer information stored offshore in public cloud facilities, and banks such as the Bank of Queensland have even deployed — which has no Australian data centres (the closest one is believed to be in Japan) as one of its new CRM platforms for staff. We had thought that for a while now Australia’s major banks had stopped stating that no data could be stored offshore and had started instead questioning what categories could be hived off. Apparently not.

Image credit: megawatts86, Creative Commons


  1. Its a legal issue.

    If the data center is located in a different legal jurisdiction, the data it holds can be at risk to the local laws and enforcement.

    I would have thought that was fairly obvious.

  2. I guess to draw the distinction at ‘cloud’ vs ‘storing data offshore’. Given the increasing amount of local ‘cloud’ availablity (Ninefold, AWS, Rackspace etc etc) then it’s possible to hold it in the cloud (redundantly) and still only have to worry about Australian data jurisdiction.

Comments are closed.