Canadian Data Privacy Laws
Many Canadian companies rely on storing data in the cloud for the majority of their organizational needs.
Cloud storage offers many benefits to both the consumer and the business, such as increases efficiencies, reduced IT costs and improved network storage capabilities by allowing on-demand access to networks, servers, applications and services.
In Canada, data is subjected to federal and provincial data legislation. Therefore, even if you technically own your data, federal and provincial governments have control over data privacy within their areas of jurisdiction.
Canadian Privacy Laws
For businesses looking to store their data digitally, it is important to be aware of local privacy laws and understand how they will impact you. There are two federal privacy acts enforced in Canada:
The Privacy Act
The Privacy Act governs how the public sector, such as federal government departments and agencies deal with an individual’s personal information. Under the Privacy Act, individuals have the right to access and request correction of personal information about themselves. Every province in Canada has its own public sector privacy legislation.
Personal Information Protection and Electronic Documents Act (PIPEDA)
PIPEDA governs how private sector organizations collect, use and disclose personal information in commercial activities. All organizations engaged in commercial activity throughout Canada (with some exceptions) are required to comply with this act and are responsible for monitoring their own compliance.
PIPEDA stipulates that organizations are not allowed to use the information that they collect for any purposes other than what was agreed upon at the time of collection. This also means that the information cannot be shared with any third-parties unless express consent is obtained.
The provinces of British Columbia, Ontario, Quebec, New Brunswick, Nova Scotia, and Newfoundland have laws in place that are similar to PIPEDA. However, when organizations are dealing with federal works, undertakings or business, PIPEDA will be applicable over the provincial law.
Data Residency Matters
By keeping your data stored on Canadian servers, you are only subject to Canadian privacy laws. Storing information on a web-based platform that is located in another country can have serious implications for your business and subject you to international privacy laws.
For this reason, it is very important to take data residency into consideration when transitioning your Canadian business to a web-based document storage and management platform.
Octacom is a SOC 2, Type II Audited enterprise software and services company focused on document and data automation solutions, including automated data capture. Founded in 1976, Octacom specializes in accounts payable automation and automated invoice processing, among other digital / automated business process outsourcing services.
If your organization is looking to learn more about our solutions and services, please contact us and we would be glad to help.