Cloud computing is gaining popularity as a way to store and access company information, but what are the legal risks to storing information in this way?
As legislation struggles to keep up with technological changes, it’s vital that companies monitor their own risks and know their responsibilities for securing information, and this is particularly true in the case of employee information. Some provinces have strict rules managing personal data storage, while others have few laws governing the use of cloud computing.
“It’s very difficult for legislators to keep up with the technological advances,” says Harris and Company LLC partner Frances Doyle, who practices labour and employment law in BC, as well as privacy and access law.
“Even if it is permissible for an organization to store personal information outside Canada, the organization remains responsible for the security of that information,” Doyle says. “Any company in Canada that’s going to use cloud computing has to be very diligent about ensuring that their contract with the service provider imposes a comparable level of security as if the data remained in Canada.”
British Columbia has implemented specific rules for public companies that require them to have data stored within Canada. The law is motivated by concerns over changing rules in the USA, where the Patriot Act expanded the powers of law enforcement and national security agencies to carry out investigations and to obtain intelligence in connection with anti-terrorism investigations.
The private sector isn’t affected by these rules, and no other province has this strict prohibition, but all companies are required to provide a certain level of security for personal information, regardless of where it is stored and managed.
Some provinces also require companies to inform individuals if their information is going to be stored with a company whose servers are outside Canada.
Canadian-based cloud computing company CoreConnect founder Jennifer Aubin says having information hosted in Canada is proving popular here and overseas. Local companies are happy to have their data close to home, while many international companies are relieved to find alternatives to programs hosted in the USA.
“A lot of people are worried about having their information hosted in the US, because they don’t fully understand the Patriot Act,” Aubin says. “I was talking to a company in Singapore last week and they were happy it was hosted in Canada. We’re getting calls from all over.”
Think you can test drugged-up employees? Think again…
Voluntary redundancy: to be avoided at all cost?
Bad boss costs company $45,000 in dismissal lawsuit
Time to get past the carrot and the stick
Smokers suck up $6,000 extra a year