Where is my data stored?

Posted on Mar 27, 2026 in IT policy, Legal, Security

The Foundation of Trust: Data Location Matters

For law firms, your clients’ information is your responsibility. Therefore, when clients’ information is outsourced to an IT firm, the number one question every law firm should ask the IT firm is: “Where is my data stored?”

If it is in New Zealand, that’s excellent. Your data security will be governed and protected by our laws, the Privacy Act 2020 in particular, and compliant with the Law Society’s ‘Cloud Computing Guidelines for Lawyers’. Any access to your clients’ data will follow due process, ensuring the protection your clients expect and deserve.

If your data is not stored in New Zealand, you need to know where it is being held. Is it in Singapore? The USA? India? Or China? The question becomes ‘what law is my data subject to?’ and then ‘who can access it without due process?’

Critical Privacy Considerations

If you do not know where your data is, or if it is in an overseas jurisdiction, then you need to ask the following questions:

  • Is there a privacy law that applies in the country or countries where your data is stored or processed?
  • Is the privacy law similar to New Zealand’s privacy law?
  • Does the law apply to the cloud provider and to your information?
  • How will the cloud provider deal with any requests for information that it receives from government agencies, courts etc.?
  • Will the cloud provider notify you if data is lost or stolen, for instance if the provider is hacked?
  • Who can you or your clients complain to if there’s a breach of privacy?

Why This Matters More Than Ever

With increasing cyber threats and evolving international data sovereignty laws, understanding your data’s location has become even more critical. The Privacy Act 2020 strengthened New Zealand’s privacy protections, including mandatory breach notification requirements and significant penalties for non-compliance.

Additionally, various countries have implemented data localisation requirements or government access laws that could impact your clients’ confidential information. The legal profession’s ethical obligations around client confidentiality make this a paramount concern for any practice.

Our team regularly works with law firms to ensure their data storage solutions meet both regulatory requirements and professional standards. We believe transparency about data location isn’t just good practice—it’s essential for maintaining the trust that forms the foundation of your client relationships.

So in your next partners’ meeting, or when you next speak to your IT provider, ask the question: “Where is my data stored?” If you’re not getting clear answers about your current setup, we’d be happy to help you understand your options and ensure your clients’ data receives the protection it deserves. Get in touch with us to discuss how we can help secure your firm’s digital future.

Jessica Falconer
Director, Resolve Technology

When she’s not wrangling IT strategies, Jessica can be found wrangling labradoodles, teenagers, and parishioners — not necessarily in that order.