Security is a top priority at Amazon Web Services
Customers in Australia and New Zealand use the AWS Cloud to store confidential data, process sensitive transactions and build critical services. Choose AWS’s world-class infrastructure and benefit from AWS’s secure and resilient environment to protect your information and build applications that enable your business. Learn about Australia and New Zealand’s data privacy and security compliance requirements from our Security and Privacy Knowledge Hub for Australia and New Zealand, and see how AWS can help you meet or exceed your security goals.
Data privacy in Australia and New Zealand
Australia Data Privacy
The Australian Privacy Principles (APPs) set out in the Australian Privacy Act 1988 (Cth) impose requirements for collecting, managing, dealing with, using, disclosing and otherwise handling personal information. The APPs set out data protection principles to protect the privacy of individuals.
New Zealand Data Privacy
New Zealand, like most countries, has enacted legislation that enables New Zealand law enforcement and government security bodies to seek access to information, including the New Zealand Security Intelligence Service Act 1969 and the Government Communications Security Bureau.
Data privacy FAQs
AWS gives you ownership and control over your content through simple, powerful tools that allow you to determine where your content will be stored, secure your content in transit and at rest, and manage your access to AWS services and resources for your users.
Meet your local compliance goals
Using AWS in the context of Australian privacy considerations
This whitepaper focuses on typical questions asked by AWS customers when they are considering the implications of the Australian Privacy Act on their use of AWS services to store or process content containing personal information.

Using AWS in the context of New Zealand privacy considerations
This document provides information to assist customers who want to use AWS to store or process content containing personal information, in the context of key privacy considerations and the New Zealand Privacy Act 2020 (NZ).

AWS Compliance
Learn more about our compliance offerings and the benefits of using AWS to meet standards around the globe.

Meeting government compliance requirements
Meeting financial services compliance requirements
Hear from our local customers
Commonwealth Bank
The Commonwealth Bank (CBA) is Australia's leading provider of integrated financial services. CBA’s purpose is to improve the financial well-being of customers and communities. CBA offers products and services in retail banking, insurance, investing and superannuation, business, and institutional banking. CBA’s priorities are to lead Australia’s recovery and transition, reimagine products and services, deliver global best digital experiences and technology, and have simpler, better foundations.
CBA has been using AWS since the launch of the AWS Sydney Region in 2012. CBA extensively uses AWS services such as Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Simple Storage Service (Amazon S3), Amazon Relational Database Service (Amazon RDS), Amazon Aurora, Amazon GuardDuty, AWS Security Hub, and AWS Shield. CBA has collaborated with AWS Professional Services since 2017 to build their first and second generation AWS Cloud platform to securely build, host, and operate their public website, mobile banking app, wealth management portal, retail share trading web application, and, most recently, their open banking solution.
"Cybersecurity is a team sport, and it’s important to us that we partner with organisations that have a strong security culture,” explains Keith Howard, CBA’s CISO. “In partnering with AWS, we are able to use a suite of sophisticated cloud native security services to intelligently protect our customers in real time. We also value the global access to AWS service teams and deep security and risk specialists who support us to continuously optimise our capabilities."

Australia Post
Australia Post is a government business enterprise (GBE) that’s completely self-funded with both commercial and community service obligations.
In 2018, the organisation experienced account and role proliferation in their AWS environments, leading to challenges in applying security governance, privilege escalation risks, and strain on operations teams who needed to manually configure roles and privileges in every AWS account. The AWS Professional Services team helped conduct a full security review and risk assessment of the environment. Following this, Australia Post launched the Security Uplift Program to address governance at scale. The program includes the delivery of a DevSecOps pipeline, consolidation of roles and privileges, and an automated solution using serverless architecture to auto-provision federated AWS Identity and Access Management (IAM) roles to the identity provider and assign them to Active Directory groups.
"We want to make security as invisible to the developers as possible. We don’t want them to have to think about security; it should just happen. We’re paying $5 a month to run a process that’s going to remediate any violations against your security policy within 30 to 45 seconds. We’re talking about 30 to 45 seconds to remediate a particular condition, and that is magnitudes better than what we’d be able to achieve if we were using a more traditional approach. If we were trying to tackle these sorts of things without the help of automation, we might be talking about hours, days, weeks to remediate. And the reality is you’ve got a repeatable process here, and you’re going to get that same remediation and that same level of service every single time. Using AWS native tools is very important to help us get that improved coverage. Our compliance levels are through the roof, and it’s easy to track that. If you went out and bought a product that does this it would cost thousands of dollars per month. Now we are doing over 70,000 checks a month, and growing, and it costs us $5 per month. We can keep adding to this and the costs only go up a tiny little bit.” – Steven Stojanovski, Head of Security, Education, and Culture, and Jason Gorringe, Manager of Cloud Services, Australia Post, 2019.

KINNECT
Founded in 1996, KINNECT is one of the leading privately owned occupational health companies in Australia. KINNECT is the only company in this space to have developed their own SaaS platform, Carelever. Carelever enables companies to effectively manage their people’s occupational health in real time with preventative services (pre-employment assessments), injury management (returning injured people back to work) and health surveillance (monitoring the ongoing health of their people). KINNECT’s deep discipline-specific knowledge of people’s health allows them to innovate with their clients on technology-enabled occupational health solutions.
Carelever wanted to minimise all operational overhead and they did not wish to spend time patching and managing their underlying infrastructure. As such, they leverage services such as Amazon Elastic Container Service (ECS) and AWS Certificate Manager (ACM). Also requiring auditability and governance, KINNECT leverage AWS CloudTrail for an immutable audit log of all of their API calls, and AWS Config for governance over their environment. Finally, they use AWS WAF (Web Application Firewall) to protect their web application from layer 7 attacks, and AWS CloudFormation to ensure consistent deployments across environments.
"Confidential healthcare data needs not only a highly secure and safe environment but an efficient one too," says Kevin Conlon, Chief Executive and founder of Carelever. "Since 2012 when we started our journey with AWS, the solutions they've provided us are world-class. Moreover, the team has taken the time to really understand our business needs and really helped us to create a scalable, secure and robust platform. We are delighted to count AWS as one of our integral partners."

nib
nib Group (nib) is a trusted international health partner, empowering their members to make better decisions and improve health outcomes through greater accessibility to affordable health services and information. nib have a mission and vision of people enjoying better health. Through its success, nib aspires to more prosperous and sustainable communities, not only the creation of enterprise value.
nib achieved a major milestone in the Australian cloud technology landscape with the successful migration of the system of record for their corporate health insurance business. The health insurer’s number one priority has always been to ensure the security of its members’ information. They worked hard to create strong security controls and supporting documentation for adhering to and maintaining the standards demanded by the regulator, as well as their own privacy policy. To achieve this, nib uses a number of AWS security services, including AWS Key Management Service (AWS KMS) to manage cryptographic keys and encrypt their data, AWS Secrets Manager to protect and rotate their passwords and other credentials, and Amazon GuardDuty to monitor their AWS environment for suspicious or malicious activity.
"We are an international organisation so we come under both local and global regulatory compliance which means ensuring we meet the expectations of a range of regulators. That’s why we use AWS Trusted Advisor and the Well Architected Framework as it gives us independent guidance on what our maturity and capability looks like,” Wayne Bozza, Head of Cyber Security – nib Group

Canva
Canva's mission is clear: empower everyone in the world to design anything and to publish anywhere. Millions across the globe use the company’s online design services to create social media graphics, presentations, posters, documents, and other visual content.
To complement their already strong security posture, Canva worked with AWS Professional Services to build a cloud-based cyber activity data lake. The approach provides new threat detection and digital investigation capabilities. Within the data lake, Amazon Elasticsearch Service (now Amazon OpenSearch Service) indexes big datasets and allows Canva to store vast amounts of historical data to facilitate the analysis of past cyber activity. Other key components include AWS Glue to extract and transform the data, Amazon Kinesis Data Streams to analyze the data, and Amazon S3 to maintain the dataset.
"We have better security situational awareness thanks to AWS Professional Services. We know in real time what is currently going on and what has transpired,” says Moe Abbas, cloud platform lead for Canva.

AWS Cloud infrastructure in Australia and New Zealand
Security at AWS starts with our core infrastructure. Custom-built for the cloud and designed to meet the most stringent security requirements in the world, our infrastructure is monitored 24/7 to help with the confidentiality, integrity, and availability of your data. We automatically encrypt all data flowing across the AWS global network that interconnects our data centers and Regions at the physical layer before it leaves our secured facilities.
Australia and New Zealand Regions and edge locations
AWS customers choose the AWS Region(s) in which their content is stored. AWS will not move or replicate your content outside of your chosen AWS Region(s) without your consent, except in each case as necessary to comply with the law or a binding order of a governmental body. Choose the AWS Region(s) that are appropriate for your needs.
AWS Region in Sydney, Australia
With an AWS Region in Sydney, Australia, AWS customers in Australia can now enjoy fast, low-latency access to the suite of AWS infrastructure services. We also have an edge location for Amazon Route 53 and Amazon CloudFront in Sydney.
AWS Region in Melbourne, Australia
The Asia Pacific (Melbourne) Region is now open with three Availability Zones. In addition to the Asia Pacific (Sydney) Region, there are already seven CloudFront edge locations in Australia, backed by a Regional edge cache in Sydney.
CloudFront edge location in New Zealand
In New Zealand, our two new edge locations in Auckland will provide viewers as much as a 50 percent reduction in p90 latency measures. These new edge locations are priced within CloudFront’s Australia geographic region.
Global Infrastructure
The AWS Global Infrastructure is the most secure, extensive, and reliable cloud platform, offering over 200 fully featured services from data centers globally.