Recently someone in asked me about where to store their organization’s data. They didn’t understand whether Canadian servers is a thing they really needed to worry about. In an attempt to not drown them in detail and be as high level as possible, I wrote this little summary:
The Short Answer is: Find out if your organization is subject to your province’s Freedom of Information and Protection of Privacy Act (FIPPA) Legislation. (Here’s a quick link to the BC FIPPA.)
FIPPA in a Nutshell: In the context of this question, FIPPA defines what types of information are considered personal and non-personal, and requires organizations to protect the privacy of the personal information that they hold.
The Truth about Canadian Servers: Your data will still enter and go through the USA even if you store your data in Canadian Data Centers.
Why: When data is “in transit” (e.g. when you make a request to access a file), it travels over the internet which is routed through the USA. Especially in Victoria, BC, Canada when we’re on an island that is so close to the US that when we sit on a beach our cellphones flip over to American cell carriers when we have roaming on.
So What: When you store your data in Canadian Datacentres, your data “rests” in buildings that stand on Canadian soil. These centers will adhere to the compliance laws of the country.
What Else: There is also a different set of laws that govern data breaches due to acts such as hacking. For some, this would matter to prevent CSIS and the FBI from gaining access. For others with intellectual property, this could also apply to assist with preventing corporate espionage.
For the record, I am greatly over simplying these concepts, but unless you need to know more, let’s keep it simple.