Support
Partners
Contact
Get a demo

Storing Customer Data on Servers Outside Canada: Good or Bad Practice?

The issue: Can we send contact database files outside of Canada?
Pascale Guay
1 September 2013
Data Management
2 min 15
Conservation de données à l’extérieur du Canada : bonne ou mauvaise pratique ?

Over the past month, I’ve had to review several contractual clauses that organizations must follow under Canadian privacy laws. Research I conducted to verify if it was possible to use the services of third parties to process data. The issue: Can we send contact database files outside of Canada?

I will not give legal advice, but simply expose guideline rules that have helped us to determine if we could use the third party servers located outside of Canada. I invite you to consult your legal counsel for advice that applies to your organization and its territory. And, in the meantime, be immediately reassured, we keep our customers’ data in Canada.

To answer the question, I did some research on this subject.

The general conclusions that I take from my research are found on the website for the Office of the Privacy Commissioner of Canada. They give key recommendations that apply to all organizations in Canada:

The transferring organization is accountable for the information in the hands of the organization to which it has been transferred.

Organizations must protect the personal information in the hands of processors. The primary means by which this is accomplished is through contract.

No contract can override the criminal, national security or any other laws of the country to which the information has been transferred.

It is important for organizations to assess the risks that could jeopardize the integrity, security and confidentiality of customer personal information when it is transferred to third-party service providers operating outside of Canada.

Organizations must be transparent about their personal information handling practices. This includes advising customers that their personal information may be sent to another jurisdiction for processing and that while the information is in another jurisdiction it may be accessed by the courts, law enforcement and national security authorities.”

Because we are not able to ensure security and data access procedures, nor to discuss the contract with U.S. suppliers, we rejected the American solutions of cloud computing to prefer the use of data in Canada. Furthermore, even if the law is not formal in this regard, we will not take unnecessary risk of exposing ourselves to other acceptable data use practices, which are not permitted here in Canada at all, such as sharing contact lists.

Finally, to avoid any difficulties and meet the highest standards of safety, we prefer not to send or share any customer data on servers outside Canada. With all the controversy of the use of U.S. data with the Snowden case, I think it is a wise decision. What do you think?

Find out how your company can benefit from Dialog Insight.

Request a demo

Read also

Customer Data Platform

CRM, CDP, and marketing automation: who does what?

CRM, CDP, and marketing automation are often confused, even though they play very distinct roles. This article clarifies their differences and complementarity, and explains how to combine them to build a high-performing marketing strategy that is truly data-driven.

Read more

Security and conformity

Tracking Pixels: What the CNIL Changes… and How to Adapt Your Strategy with Dialog Insight

Read more

News

New feature: The Orchestrator

Orchestrate your campaigns more effectively to boost performance and deliver a smoother, more engaging customer experience.

Read more

Omni-Channel Marketing Campaign

Structuring marketing efforts with campaign, are you doing it?

Since a campaign links a goal, one or more topics, then spreads over several channels, nothing prevents marketers to be inspired by that concept.

Read more

Omni-Channel Marketing Campaign

8 small actions you can automate to enrich the customer relationship effortlessly!

Did you know that you can take advantage of marketing automation without using all your resources and taking a minimum amount of time to set up?

Read more

Security and conformity

Tracking Pixels in Emails: An Ethical Solution Exists

The CNIL seeks to regulate the use of tracking pixels in emails. Between legal obligations, marketing lobbying, and technical solutions like Dialog Insight, find out how to reconcile compliance, performance, and privacy.

Read more
Marketer using Dialog Insight orchestration tool to plan campaigns and reduce email pressure

New: Orchestrator

Less pressure. More impact.

Orchestrate your campaigns more effectively to boost performance and deliver a seamless, engaging customer experience across every channel.

Take control of marketing pressure and prioritize your most strategic campaigns.

Discover the Orchestrator

New at Dialog Insight

Every message, on the right channel, at the right time — automatically.

What if your campaigns could find on their own the ideal channel and the perfect moment to generate more impact?With Smart Channel and Omnichannel STO, your campaigns become more engaging and more effective:
  • Automatically send each message through your contacts’ preferred channel
  • Trigger your sends at the optimal time to maximize impact
  • Drive more clicks, conversions, and revenue — without added complexity
See how to activate this smart duo