5 Privacy Laws You Need To Know Before Using The Cloud

Written by Bruce McKnight on .

The Cloud is not the dangerous, privacy-free concept many people assume it is – despite some high-profile data breaches, it’s still safe to use and many countries have strict laws governing it.

Canada has the Digital Privacy Act (DPA), which amended the Personal Information Protection and Electronic Documents Act (PIPEDA) in 2015. This protects people from having their data used unethically.

If your customer’s data is going to the Cloud, here are some things you should know beforehand regarding the safety and privacy of your customers.

1. Certain data counts as Personally Identifiable Information (PII) and is subject to PIPEDA The data that counts as PII under Canadian law is:

  • Name and age
  • Any ID numbers
  • Income
  • Ethnicity
  • Blood type
  • Any comments made by the person
  • Any employee files, including evaluations and disciplinary actions
  • Credit records
  • Loan records
  • Medical records

It is a crime to disclose any of this data without permission

2. When an organization collects PII data, it is fully responsible for that data

This means that in the case of a data leak, it is you – the company – who will be held responsible. This is why it’s so important to have strict data protection measures in place.

3. Public bodies in some provinces need to ensure that all PII data remains in Canada

Most companies are free to store their data in whatever place they choose, but there are some exceptions. Public bodies (medical facilities, for example) in British Columbia, Nova Scotia and Quebec are required to make sure all their data remains in Canada

4. PII needs to be collected within reason

PIPEDA states that data needs to be “used and disclosed for the limited purpose for which it was collected.” This means that any information that isn’t required to be kept needs to be erased.

5. Safeguards need to be implemented for the protection of the data

PIDEDA says that companies must adopt safeguards appropriate to the sensitivity of the data. Since your company is legally responsible for ensuring the data isn’t stolen, you need services like Security-As-A-Service (SaaS) provided by Stage2Data in order to keep all information under lock and key.

Bear in mind that there can be harsh penalties if customer information is stolen, lost or otherwise mistreated. In addition to your company losing customers and income due to loss of trust, you could also face fines of up to $100,000.