Is cloud security and privacy a concern for your business? With recent developments in the news about US government agencies using secret court orders to collect data on specific users from American-based large internet companies (like Google, Apple and Facebook), should Canadians be concerned about the privacy and security of our data that resides in US data centers? Google CEO Larry Page responded quickly to the allegations with a clear and concise blog post. So did Facebook. Now, these internet giants are all requesting a more transparent process so that they are allowed to detail the number of requests made by government agencies. We often get asked by Canadian businesses about cloud security as they are concerned about US government overreach in the name of security and terrorism. In attempt to be as objective as possible on the issue, I wanted to share a few resources that I have come across that address this concern.
Canadian Cloud Law Blog
The Canadian Cloud Law Blog is written by David Fraser, a Canadian privacy and technology lawyer based out of Halifax. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws and cloud computing. Here are a few of his pages & posts I found very helpful:
- Don’t forget that Canada is in the national security / surveillance business as well
- Cloud Computing and Privacy FAQ – This page addressed the bulk of the questions I had from a legal standpoint.
- Privacy Law Resources – A comprehensive list by Province.
Office of the Privacy Commissioner of Canada
The mission of the Office of the Privacy Commissioner of Canada (OPC) is to protect and promote the privacy rights of individuals.
- Introduction to Cloud Computing Fact Sheet – This document details the different kinds of cloud computing models among other things. For reference, Perpetual West only works with Public Cloud solutions.
- Cloud Computing for Small and Medium-sized Enterprises: Privacy Responsibilities and Considerations – This is a great resource when it comes to privacy questions and concerns that Canadian Businesses have.
- A Guide for Individuals Your Guide to PIPEDA (Personal Information Protection and Electronic Documents Act) – Explains PIPEDA in laymen’s terms. Here is the legalese if you prefer.
- Processing Personal Data Across Borders Guidelines – Explains the implications of PIPEDA when data crosses the border.
- Getting Accountability Right with a Privacy Management – A good guide if you need to setup a privacy management program for your company.
Government Entities & Laws
Here are the wikipedia links to all the entities and laws you will have seen in the news (and maybe some you haven’t).
- Patriot Act – The US Government’s response to the 9/11 terrorist attacks.
- FISA (Foreign Intelligence Surveillance Act) – This law has been beefed up since the 9/11 terrorist attacks.
- FISC (Foreign Intelligence Surveillance Court) – The secret court that grants the surveillance warrants.
- PRISM Surveillance Program – The secret program that was recently exposed by Edward Snowden.
- Anti-Terrorism Act – The Canadian Government’s response to the 9/11 terrorist attacks.
- CSIS – Canada’s CIA/NSA. They have a similar court that grants surveillance warrants.
Cloud Solution Privacy and Security
Here is a list of the public cloud solutions that we work with and their corresponding privacy and security statements:
- Salesforce.com Privacy & Security
- Google Apps Security & Privacy
- RingCentral Security Statement
Outside of the concern for law enforcement or national security accessing your data, you’re left with abiding by privacy regulations and ensuring that the cloud solution vendor that you choose has implemented the very best in security technology with the certifications to match. Choose your cloud solutions wisely and seek the advice of legal and security experts if necessary.
Perpetual West works with only the best and most established cloud solutions in the market like Google Apps, Salesforce CRM and Hubspot. Contact Perpetual West at 1-877-388-6400 to learn more about how we can help your business work in the cloud.