Storing Customer Data on Servers Outside Canada: Good or Bad Practice?

The issue: Can we send contact database files outside of Canada?
Pascale Guay
1 September 2013
Data Management
2 min 15
Conservation de données à l’extérieur du Canada : bonne ou mauvaise pratique ?

Over the past month, I’ve had to review several contractual clauses that organizations must follow under Canadian privacy laws. Research I conducted to verify if it was possible to use the services of third parties to process data. The issue: Can we send contact database files outside of Canada?

I will not give legal advice, but simply expose guideline rules that have helped us to determine if we could use the third party servers located outside of Canada. I invite you to consult your legal counsel for advice that applies to your organization and its territory. And, in the meantime, be immediately reassured, we keep our customers’ data in Canada.

To answer the question, I did some research on this subject.

The general conclusions that I take from my research are found on the website for the Office of the Privacy Commissioner of Canada. They give key recommendations that apply to all organizations in Canada:

The transferring organization is accountable for the information in the hands of the organization to which it has been transferred.

Organizations must protect the personal information in the hands of processors. The primary means by which this is accomplished is through contract.

No contract can override the criminal, national security or any other laws of the country to which the information has been transferred.

It is important for organizations to assess the risks that could jeopardize the integrity, security and confidentiality of customer personal information when it is transferred to third-party service providers operating outside of Canada.

Organizations must be transparent about their personal information handling practices. This includes advising customers that their personal information may be sent to another jurisdiction for processing and that while the information is in another jurisdiction it may be accessed by the courts, law enforcement and national security authorities.”

Because we are not able to ensure security and data access procedures, nor to discuss the contract with U.S. suppliers, we rejected the American solutions of cloud computing to prefer the use of data in Canada. Furthermore, even if the law is not formal in this regard, we will not take unnecessary risk of exposing ourselves to other acceptable data use practices, which are not permitted here in Canada at all, such as sharing contact lists.

Finally, to avoid any difficulties and meet the highest standards of safety, we prefer not to send or share any customer data on servers outside Canada. With all the controversy of the use of U.S. data with the Snowden case, I think it is a wise decision. What do you think?

Découvrez comment votre entreprise peut bénéficier de Dialog Insight.

À lire aussi

Customer Data Platform

How to Supercharge Your Email Marketing with Dialog Insight and Zapier Integration

Learn about the benefits of Dialog Insight's new Zapier integration and how to use it to revolutionize your email marketing efforts.

Omni-Channel Marketing Campaign

Google launches AMP for Gmail… what happens now?

Making the web better for everyone. It’s definitely a worthy objective. That’s the ideology that Google has been putting forward over the past years with its AMP (Accelerated Mobile Pages) project.

Data Management

Convert leads into customers with Lead Scoring

Implementing a lead scoring strategy allows you to place your prospects in their purchase cycle. All this in order to focus your efforts where there is the most chance of conversion.

Omni-Channel Marketing Campaign

Why You Should Optimize Emails For Dark Mode (And How To Do It)

The world is going dark, literally. A recent study reveals that 73% of consumers prefer a darker digital experience. This means fewer blue hues, brighter whites, and more accessible interfaces.

Omni-Channel Marketing Campaign

Erratum in an Email Sample : How to Survive Email Mistakes?

You made a mistake? Why not try to turn this embarrassing situation to your advantage? Some “Oops” messages even get better results than the originals. You just need to get this one right.

Omni-Channel Marketing Campaign

The Difference Between Transactional Email and Marketing Email

Transactional emails often go untapped by businesses. Yet their potential is incredibly high in email marketing.