Storing Customer Data on Servers Outside Canada: Good or Bad Practice?

The issue: Can we send contact database files outside of Canada?
Pascale Guay
1 September 2013
Data Management
2 min 15
Conservation de données à l’extérieur du Canada : bonne ou mauvaise pratique ?

Over the past month, I’ve had to review several contractual clauses that organizations must follow under Canadian privacy laws. Research I conducted to verify if it was possible to use the services of third parties to process data. The issue: Can we send contact database files outside of Canada?

I will not give legal advice, but simply expose guideline rules that have helped us to determine if we could use the third party servers located outside of Canada. I invite you to consult your legal counsel for advice that applies to your organization and its territory. And, in the meantime, be immediately reassured, we keep our customers’ data in Canada.

To answer the question, I did some research on this subject.

The general conclusions that I take from my research are found on the website for the Office of the Privacy Commissioner of Canada. They give key recommendations that apply to all organizations in Canada:

The transferring organization is accountable for the information in the hands of the organization to which it has been transferred.

Organizations must protect the personal information in the hands of processors. The primary means by which this is accomplished is through contract.

No contract can override the criminal, national security or any other laws of the country to which the information has been transferred.

It is important for organizations to assess the risks that could jeopardize the integrity, security and confidentiality of customer personal information when it is transferred to third-party service providers operating outside of Canada.

Organizations must be transparent about their personal information handling practices. This includes advising customers that their personal information may be sent to another jurisdiction for processing and that while the information is in another jurisdiction it may be accessed by the courts, law enforcement and national security authorities.”

Because we are not able to ensure security and data access procedures, nor to discuss the contract with U.S. suppliers, we rejected the American solutions of cloud computing to prefer the use of data in Canada. Furthermore, even if the law is not formal in this regard, we will not take unnecessary risk of exposing ourselves to other acceptable data use practices, which are not permitted here in Canada at all, such as sharing contact lists.

Finally, to avoid any difficulties and meet the highest standards of safety, we prefer not to send or share any customer data on servers outside Canada. With all the controversy of the use of U.S. data with the Snowden case, I think it is a wise decision. What do you think?

Find out how your company can benefit from Dialog Insight.

Read also

Customer Data Platform

What is RCS messaging?

Learn what RCS messaging is, how it differs from traditional SMS, and why it is becoming a powerful channel for businesses looking to improve mobile engagement, trust, and conversions.

Omni-Channel Marketing Campaign

8 use cases for RCS messaging to improve the customer experience

Cart recovery, delivery tracking, reminders, loyalty: explore 8 ways to use RCS to create more useful and interactive mobile messages.

Security and conformity

Email Marketing and Environmental Impact: Reducing Weight Becomes a Priority

Email marketing is a powerful tool, but its environmental impact is often underestimated. Between data storage, information transfer, and display on devices, every campaign generates a digital footprint. Discover why reducing the weight of your emails is becoming an essential practice and how to optimize your campaigns to reconcile marketing performance with ESG responsibility.

Omni-Channel Marketing Campaign

Google takes action against pop-ups usage on mobile websites: what does that mean for marketers?

The user experience is at the heart of the giant Google's concerns. That is why the announcement regarding sanctions on the use of intrusive interstitial on mobile sites was not a big surprise.

Customer Data Platform

Customer Data Platform: everything you need to know about the CDP?

Discover what a Customer Data Platform (CDP) is, how it unifies customer data, and why it has become a strategic pillar of modern marketing in 2026.

Omni-Channel Marketing Campaign

How to synchronize your communications in an omnichannel strategy.

In an omnichannel strategy, communication channels should not operate in silos. Email, SMS, and notifications can complement one another to create a seamless and consistent customer experience. Discover how to orchestrate these channels intelligently to send the right message, at the right time, through the right channel.

New

RCS is now
available

Discover the next generation of mobile messaging, designed to deliver richer, more interactive, and engaging experiences.