No personal information on the RIW System is stored overseas. It is all hosted on secure government approved servers located in Australia.
MTA only has one overseas Service Provider who has access to the RIW System to undertake Level 3 support and upgrades.
This Service Provider is located in the UK and is therefore subject to the General Data Protection Regulation (GDPR), which imposes stringent privacy and security requirements on organisations who have exposure to personal information.
In addition, MTA has taken steps to ensure that this overseas Service Provider will comply in accordance with Australian Privacy Law in respect of the RIW System. MTA has enacted this by ensuring that MTA has contractual arrangements in place that require the overseas service provider to comply with Australian Privacy Law. If MTA’s service provider fail to adhere to contractual or privacy requirements, then MTA will exercise its rights under the contract depending on the circumstances of the case.
Material and severe breaches may lead to termination of the Service Provider.