Privacy & Compliance

What Canadian Businesses Need to Know About their Data

As the owner or manager of a Canadian-based business, it can often be challenging to understand and determine the best policies and processes for your business, especially with the vast and varying array of information regarding best practices and industry standards coming from international publishers. While many of these topics are universal and do not necessarily speak to one geographic area over another, it is crucial to consider the Canada-specific advice when it comes to:
  • Canadian Privacy laws (PHIPA, PIPEDA)
  • What data falls under these privacy laws
  • Utilizing US-based data storage or border-crossing
  • How (and where) administrative and client data is stored
  • Storing, securing, backing-up or recovering Canadian data

What makes Canadian data different?

Federal legislation across Canada, as well as some provincial regulations, are held to a particularly high standard compared with regards to how this information is collected, stored, and shared. Specifically, any data collected by public or private sector organizations that includes personal information, including but not limited to legal, healthcare, or financial data. Collecting, storing, and transmitting this data can be subject to Personal Information Protection and Electronic Documents (PIPEDA) and/or Personal Health Information Protection Acts (PHIPA) – this includes not only files and electronic documents, but also in voice-calls (VoIP), recorded messages, and even video conferencing recordings.

What data is included in these privacy acts?

Canadian Data All Canadian consumer data, including but not limited to personal information and some organizational data, is protected by PIPEDA and PHIPA with regulations and standards that certain industries and business sectors are held to. These privacy acts limit the data that can cross borders, holding businesses accountable for the data that they collect and ensuring that any private Canadian information is kept confidential, secure, and most importantly, within Canadian borders. Data collected by agencies, including client data, business files and software applications, emails, voicemails, chats/messages, faxes and even phone calls create data to be stored and managed – and all of these individual pieces need to be considered with the Canadian privacy acts.

Why is it important to keep Canadian data on Canadian soil?

Besides the potential liability that is taken on by Canadian businesses when privacy data is stored incorrectly or not to federal/provincial standards, ensuring that all of your business or client-based classified data within the Canadian border is crucial. While this is not universal for all Canadian businesses in all industries, it is key for businesses that deal in private, client-based information.

Some provinces have differing rules

In Alberta and Quebec, any and all client data may not be stored anywhere outside of Canadian borders, sometimes even limiting organizations to within their own province. British Colombia and Nova Scotia only set restrictions on government institutions, including Crown Agents and their service providers from migrating or storing personal data outside of Canada. Ontario has regulations set specifically for health-related information, always requiring an individual’s express consent and strict policies for transferring and storing data outside of the province (while still remaining in Canada).

Considerations for US-Based Data Storage

When organizational or client data is moved, stored, or backed-up outside of Canada, it becomes subject to that country’s laws and regulations, regardless of the data ownership or original source. This means that if your organization chooses to use an American cloud-hosting or storage provider, all of that information becomes subject to US law, which allows enforcement agents to subpoena certain organizations and gain access to the data, risking the privacy and integrity of the information. This scenario can also be true of Canadian providers who host databases across borders.

Thinking about Using a Canadian Provider Instead?

Storing, securing, backing-up or recovering Canadian data should be simple, and while individual organizations and businesses are liable for the client or operational data that they collect, partnering with a Canadian Cloud Service provider can alleviate some of the stress and challenges that come along with remaining compliant to PHIPA and PIPEDA laws. By choosing Canadian VoIP service provider Telecom Metric Inc., you can ensure that your organization’s data is always safe, secure, and accessible. With 9 geographically distributed and redundant environments across Canada, we provide automatic backups & built in failover for all of your high-risk, client-based, and/or operational data. Next time you’re reading an article or blog about the best practices and standards for storing or securing business data, be sure to look into the location of the writer, or who geographically the article is intended for, and when you can, be sure to ask your Canadian-based provider for more information.


Interested in talking to security professionals? Contact us!

We'd be happy to have a discussion with you about how to manage and protect your business' data!

Start a conversation with us!