Many Canadian companies want to transition to the cloud for business data hosting, yet worry about data access and privacy. Both public and private sector organizations must follow government laws affecting the storage and use of personal information. Provincial governments also have privacy laws to protect customer data, particularly in health care. Storing data outside of Canada brings additional challenges, namely a new set of rules and regulations. Find out what affects data leaving the country, and how this impacts your organization.

The Personal Information Protection and Electronic Documents Act (PIPEDA) governs how Canadian businesses manage the collection, use, and disclosure of personal information. It is a significant concern to not only commercial organizations, but to their customers as well. This multi-part series is designed to help Canadian businesses better understand these laws and provide direction in applying them to their organizations and ensuring compliance.

British Columbia’s Personal Information Protection Act (PIPA) is similar to PIPEDA in that it protects personal data collection within the private sector. Organizations considered to be public bodies, as well as the public sector, must comply with the Freedom of Information and Protection of Privacy Act (FIPPA). FIPPA requires that public bodies store any personal information that is under its control or custody exclusively in Canada and it can only be accessed in Canada. There are exceptions but they are few.

The province of Alberta has a law similar to PIPEDA that protects personal data collection within the private sector called the Personal Information Protection Act (PIPA). The Freedom of Information and Protection of Privacy (FOIP) governs the public sector.

Ontario’s Personal Health Information Protection Act (PHIPA) works in conjunction with PIPEDA. PHIPA governs custodians of health information (hospitals, long term care service providers, pharmacies, health care practitioners, etc.) as well as their agents (insurance companies, information processors, employees, information managers, and volunteers) regarding the disclosure and use of personal health information. It ensures that when they have personal health information in their control or custody it is protected from loss, theft, and unauthorized disclosure or use.