How to Manage Your Database in Accordance With Canadian Law
Breakthroughs in cloud computing have many exciting benefits for businesses, but they also raise numerous red flags when it comes to privacy. Since such privacy implications are such a topical subject, we’d like to lend some of our expertise at KGPC LLP. As you read, keep in mind that much of what we cover below is from a legal standpoint. You may need to do further research to ensure you are making the best decision for your business.
Privacy vs. Security
It is important to note that, while related, privacy and security act as two distinct concepts. Security is often defined as the integrity, confidentiality and availability of data. It does count concepts of privacy and data access, but it’s more complex than that. For example, a virus could attack your data, or your server cloud could fail without a full backup. Either of these scenarios would be considered a security issue that is not closely related to privacy.
Security is about managing risks, so nothing can ever be considered completely secure. For most businesses, however, reputable cloud providers tend to offer better security than your existing arrangement, as they have far more resources to commit to this area.
In contrast, privacy has to do with the proper use of and storage of data. Poor privacy policies are often the cause of security problems, such as your data being hacked. Other reasons for such privacy concerns include problematic policies—mismanagement of data or social engineering, for example—or when an employee sells your company email list to a competitor.
Cloud Privacy Concerns
Our society is currently in the throes of a discussion about the connotations and importance of privacy in the age of the Internet. One of the most significant concerns in the cloud privacy discussion is how governments are gathering and accessing data, generally with the goal of defending national security or as part of police investigations.
The US government is the most notorious for accessing cloud data. Through the Patriot Act, the government has certain rights to collect information to aid with terrorism investigations. Government officials can also issue an order that prevents the cloud provider from informing you that your data has been accessed.
Canadian Privacy Law
It is also crucial to consider whether your business is legally allowed to keep data in the cloud. There are often no laws or policies preventing your business from using the cloud, but you are responsible for the data—even if you use a third-party cloud provider. The most significant element is that the Canada Revenue Agency (CRA) requires certain records to be kept in Canada. It may be alright if an up-to-date copy or backup of the records is kept in Canada, but we suggest consulting with your lawyer to confirm.
Are you looking for sound legal advice for your organization, business or corporation? Contact KGPC LLP today.