Friday, May 10th, 2013
It is important for cloud computing customers to find out where their data is being stored because ultimately it will be subject to the laws of that country – not the laws of Canada. American datacenters are governed by the laws of the United States and there are several acts, such as the Patriot Act that have eased or ultimately removed restrictions on government surveillance activities. In a nutshell, if your company is storing data in the US, it is accessible to various government agencies – in many cases without a warrant or even the need to notify the owner of the data.
Public Safety Canada has said publicly, “first and foremost, the Government of Canada is committed to protecting the privacy of Canadians.
Canada has a solid legislative framework in place to ensure the protection of personal information. The Personal Information Protection and Electronic Documents Act (PIPEDA) protects the personal information of Canadians by establishing rules for the collection, use and disclosure of personal information by private sector organizations in the course of commercial activity.“ PIPEDA, obviously has no jurisdiction on data stored outside of Canada and therefore is unable to prevent access of that data by various US agencies or organizations.
Several sectors of the Canadian economy (medical and legal for example) are required to keep their data in Canada for these very reasons. Any document, file or database with personally identifiable information must be protected by Canadian Privacy Laws and cannot be stored outside of Canadian borders.
Given the strict privacy requirements related to storage of Canadian data “in the Cloud”, many Canadian companies’ will benefit substantially from its flexibility.