Privacy & Compliance VoIP is Data! When Your Data Must Stay In Canada March 3, 2020July 24, 2020 Many Canadian companies want to transition to the cloud for voice communications, yet worry about data access and privacy. Both public and private sector organizations must follow government laws affecting the storage and transmission of personal information, even when it comes to VoIP services. Provincial governments also have privacy laws to protect customer data, particularly in health care. Storing and transmitting data outside of Canada brings additional challenges, namely a new set of rules and regulations. Find out what affects voice data leaving the country, and how this impacts your organization. Voice is Data VoIP, or Voice over Internet Protocol, is a method for taking analog audio signals, like the kind you hear when you talk on the phone, and turning them into digital data that can be transmitted over the Internet. Protecting the privacy of your voice network is just as important as protecting your data network. What Data Must Stay In Canada? PIPEDA, the Personal Information Protection and Electronic Documents Act, protects consumer data across the country. Canadian provinces have additional regulations that sectors must follow. PIPEDA holds private organizations accountable for protecting information during transit and outsourcing. While information can cross borders, the Canadian business remains liable for any problems. Federal government institutions are subject to the country’s Privacy Act, which outlines how personal information is stored and collected. At present, there is a proposal that would prohibit classified data from leaving the country. Alberta and Quebec restrict the transfer of public sector personal data outside of the nation, and sometimes outside of the province. British Columbia and Nova Scotia prohibit government institutions, Crown agents, and their service providers from moving personal data outside Canada, with limited exceptions. Ontario prohibits the disclosure of health-related information without the individual’s expressed consent in PHIPA, the Personal Health Information Protection Act. While health data can move outside of the province, health care companies must adhere to PHIPA when transferring data outside of the province and this can pose a hardship. Depending on where your company is located and what type of business you operate, you may be unable to transfer VoIP data outside of Canada. Considerations for Data Storage and Transfer If you are using or thinking about switching to a hosted voice solution you have to remember that your organization remains accountable for the information and where it traverses the internet. Since you will be held liable for anything that happens to your voice data outside your jurisdiction, you must assess any risks that could jeopardize the confidentiality and security of personal information once it’s transferred to an international service provider. Once your voice data is transferred outside of Canada, it becomes subject to the laws of the country where the data is stored. For instance, if you send voice data to the U.S. with an American provider (or cloud hosting provider), the voice data would then be subject to U.S. law, and law enforcement agents in the U.S. could gain access to search this data held by American service providers such as backups and voicemail. As you can imagine, this places a larger burden on you. By keeping your data in Canada and on Canadian servers, you simplify things. Rather than follow provincial, federal, and international laws, you must only adhere to Canadian and provincial privacy laws for data security. Canadian telecom companies who use Canadian cloud providers have the best knowledge of the country’s privacy laws, so they’re in the best position to securely store and transfer data for public and private companies. When using a hosted VoIP model you have to think through the implications of doing so — and consider whether you could afford to recover from a customer data breach. Ask any third-party provider you’re considering questions about their data storage, data security, and cyber security, to make sure they can accommodate the level of security that’s required by provincial data laws and Canadian privacy laws. While it takes time to understand how PIPEDA and provincial regulations affect your business, it is ultimately in your best interests to understand these concepts. When you know the law, you can make smart decisions to mitigate your risk and protect your reputation to instill customer confidence. Other Related Topics: Cloud Storage Major Changes to Healthcare Privacy Laws: What Ontario Organizations Need to Know to Keep Patients Safe Secure Solutions for the Healthcare Industry
