Cartika Blog

PIPEDA and External Data Storage

From PIPEDA, to HIPAA, to GDPR, to countless others, there are an astonishing amount of acronyms regarding the laws of storage and protection of sensitive data. Unless you specialize in combing through dense legal jargon, you might be missing some of the nuances of data protection laws. If you’re in the business of handling protected information, having a comprehensive understanding of relevant laws is the bare minimum of your responsibility. And while there’s a growing amount of information on these laws online, there is always more to learn. So here are a few things you might not have known about data regulations.

PIPEDA doesn’t just apply in Canada

The Personal Information Protection and Electronic Documents Act, or PIPEDA, is a Canadian regulation passed in 2000. The purpose of this act is to ensure organizations receive consent before storing an individual’s data, holding the organization accountable for the security, storage, and accuracy of the information.

As an organization ensuring compliance with this law, you might assume that these regulations apply only to data stored within Canada, but this is a misconception. Contrary to what you might think, offshore data storage is a legitimate practice, and is even referenced in the original PIPEDA document. However, there is one caveat - the organization that is outsourcing its storage is still responsible for the data, and is still held accountable to all applicable Canadian laws. So what does this mean for companies looking to move their data storage outside of Canada?

Be Aware

The most important thing to note when considering external data storage is the standards of security used in the facility. Regardless of where your data ends up being stored, it’s still your responsibility to keep safe. Here are some questions to ask when researching storage solutions:

  • Where in the world is your information being stored? Are there existing policies in place regarding PIPEDA and other province-specific laws?
  • Has your chosen storage provider been subject to an investigation by the Privacy Commissioner of Canada?
  • What types of security and compliance certifications does your storage provider hold?
  • What is the plan for the data at the end of your contract term with the provider?
  • Who will have access to your data?

By asking, and answering these questions for all potential storage provider candidates, you can save yourself from the legal and financial consequences of a data breach. Being compliant is not just about following the rules, it’s about doing the right thing for those that have entrusted you with their information.

Compliance and Cartika

If you’re still scratching your head when you read up on PIPEDA, or you’re having trouble finding a storage provider that meets your needs, consider contacting the experts at Cartika. We offer comprehensive compliance, unlimited flexibility, unmatched performance, and constant support. With Cartika, your data has never been safer - so get in touch today.