Did you know you could be in violation of privacy laws, simply by hosting your website on servers that are physically located outside of Canada?
Do you really know where your website and customer data is stored?
If not, you’re in good company. Most Canadian businesses aren’t aware of the legal risks they’re taking by not knowing where their website data is stored. They may even think the data is stored in Canada, when in fact it’s somewhere else. As Canadian privacy laws change, it’s more important than ever to know the answers to these questions. The hard truth is, if you store (or move) any kind of customer or visitor data to, or through, servers that are located outside of Canada, you could find yourself in serious trouble.
Why is This a Privacy Issue?
You (and your data) are protected by the Canadian constitution if your hosting server is in Canada, either physically or on “the cloud”. If the data centre, server or cloud service is outside of Canada, you may be open to data seizure or mass surveillance by international security agencies. Furthermore, you also won’t be protected by the other country’s privacy laws (such as the American Fourth Amendment) because you’re not a resident. Your data will be like a person without any citizenship.
“Any information that goes outside of Canada is up for grabs by local law enforcement,” former assistant federal privacy commissioner, Heather Black, told Global News.
Jacques Latour, Chief Technology Officer at CIRA, agrees. “Once your data travels outside of Canada’s borders it is open to the laws of the land. In the U.S., for example, Canadians have no right to privacy. We know that a portion of Canadian data travels south based on the nature of our internet’s infrastructure and how we navigate the web.”
To ensure your data is protected by Canadian law against intrusive provisions from the USA Freedom act, sweeping server seizures under the Digital Millennium Copyright Act, the loss of net neutrality, and other foreign laws or policies, your website must be hosted on Canadian soil (see list below). If not, you at least have to inform your customers and visitors that their information may be processed in a foreign country. Under some circumstances, you may be prohibited entirely from moving personal data outside of Canada or your province, with or without consent.
Data sovereignty (or disclosure) is required by the Canadian Privacy Act and PIPEDA (Personal Information Protection and Electronic Documents Act). In addition to federal laws, there are Provincial laws that also restrict the movement of personal data. Laws may also vary according to the type of business you have or what sector it’s in.
What it all comes down to is this: you are responsible for protecting any and all information collected from Canadians by your company, and you will be held liable and accountable for it.
As the laws catch up with digital privacy and data security issues, storing data outside of Canada will become more complicated and enforcement will become standard. The Office of the Privacy Commissioner is also tackling specific scenarios, such as the legal purchase of Cannabis in Canada and how this data may be accessed by other countries, resulting in denial of entry.
Clearly, the safest way to ensure compliance, now and in the future, is to choose a website host with data centres physically located on Canadian soil.
Using a Canadian Hosting Company Doesn’t Mean Your Website is Hosted in Canada
[DISCLOSURE: We may receive compensation for links to products on this website.]
Many “local” and other hosting providers are actually resellers. Quite often the actual host is an outside company that could be located anywhere. Conversely, an American hosting company may have data centres located anywhere in the world, including Canada. Their objective is to have servers in close proximity to their clients’ location to improve speed and efficiency.
For example, we host our websites with GreenGeeks because they came out on top after applying our website hosting checklist. GreenGeeks is an American company. However, during the signup process you are presented with a choice of where you want your website to be hosted; Canada, Europe or the US. We have our websites on their Canadian servers. From a legal perspective, the fact that they’re an American company doesn’t matter. What matters is that any customer or visitor data we gather from Canadians is safely stored on this side of the border.
Ecommerce is a bit more tricky because payments may be processed outside of Canada by credit card providers. However, most data can still be controlled if you use a Canadian eCommerce platform like Shopify.
“If that data is stored in our Canadian infrastructure, it is not being shared,” Loren Padelford, vice-president and GM for Shopify Plus told the Financial Post. “Unless we are provided a court order by an entity that has jurisdiction over Shopify as a Canadian company, we will not be sharing this information with anybody.”
Canadian Data Centres
It’s critical that you ask potential hosts:
- Where exactly their physical servers are.
- Will you be able to choose to host your website on Canadian servers, if they have them.
Following are a few hosting companies that are able to provide Canadian data centres, to ensure you’re meeting your legal requirements in regards to data and privacy.
GreenGeeks (Offices in Canada, Canadian servers available)
HostPapa (Based in Canada, servers in Canada)
HostUpon (Based in Canada, servers in Canada)
Stormweb Hosting (Based in Canada, servers in Canada)
Shopify Canada Hosting and eCommerce platform (Based in Canada)
Is your website hosting in compliance with Canadian privacy laws? We urge you to verify the location of your data centres and change hosts if necessary.
Discuss this and other online business topics in the Online Business Canada Facebook group!
For weekly inspiration, insights, tips, and resources, sign up for the Online Business Canada newsletter!
7 Recession Proof Online Businesses To Start From Home
Expert help to choose, start, and run a successful online business!
“Almost 200 pages of pure gold…”
GET IT ON AMAZON
Or Other Major Ebook Retailers
——————————————
© CanadiansInternet.com – Content on this website may not be used elsewhere without expressed permission. Thank you for respecting the effort that we have put into our original content.
DISCLOSURE: We may receive compensation for links to products on this website. As an Amazon Associate, we earn from qualifying purchases. Our content is provided for informational purposes only and does not guarantee results.
Melody McKinnon is an internet entrepreneur with 25 years of experience in a wide range of online business models, backed by a formal business/marketing education and enhanced by training and mentorship. She has owned or managed both educational and ecommerce websites. Her book, 7 Recession Proof Online Businesses to Start From Home, is available from all major ebook retailers.
Melody has worked with many businesses in a multitude of capacities. She can often be found on CanadianDigitalMedia.com, CanadiansInternet.com, CanadianFamily.net, and AllNaturalPetCare.com, as well as other quality digital publications. Her content has earned reference links from highly-respected websites, magazines and university textbooks.
It’s a pain for entrepreneurs online but as a user I have to agree I want my info kept in Canada. It’s probably not realistic but the law is the law.
We’ll have lots of data centres on Canadian soil very soon if O’Leary has his way in Alberta. Absolutely should keep Canadian data here where we can control it to some extent.
Your blog is a shining example of excellence in content creation. I’m continually impressed by the depth of your knowledge and the clarity of your writing. Thank you for all that you do.
I still have lots of questions but I’m better prepared to get the info I need to choose a website host now. Thanks bud
I hear Canadian laws are changing and they’re not putting much thought behind some of them. Why won’t they consult real experts from the front lines? I know far more about working online in the trenches than any academic. Anyway it’s great to have folks like you keeping an eye on internet law in Canada. THANK YOU!
So much red tape in this country but privacy and trust is important. I like the idea of addressing a lot of concerns just by keeping my site in Canada. I did choose Canada through Greengeeks and they’ve been great so far. Thanks for keeping us informed!
What is your recommendation for “Privacy Policy” and “Terms and Conditions” when potential customers sign up as subscribers or to download free digital lead magnets? I don’t want to launch anything on my teaching platform or website before I clearly understand my responsibility. Where can I get specific Canadian information on this topic?
You’ll find the legal guidelines here, but it’s always best to consult with a lawyer.
Are they the only Canadian website hosts that are legal or do all Canadian website hosts have to comply so they’re safe to use?
Website data is stored on servers in data centres. Those servers can be physically located anywhere. To protect data in Canada, the servers must be on Canadian soil. Hosting companies can be located in one country while their servers are spread across other countries. A Canadian hosting company doesn’t necessarily have servers in Canada, or an American hosting company may have Canadian servers available (like ours does). The best thing to do is contact the hosting provider to ask if they have servers in Canada and if you can opt to have your site hosted on them.
I agree, it’s just so much easier to go with Canadian hosting companies and I just feel better dealing with Canadian companies anyway. It’s an extra layer of protection IMO. I like Canadian cyber security companies too. It’s like using a Canadian accountant because they know our system best. SMART!
This is the first I’m hearing about it! Why doesn’t anyone tell us this stuff if it’s so important?? I agree we have to keep data secure and out of the hands of foreign whatevers but they need to inform businesses when things change! How can we comply if we don’t know about it?? Thank God for people like you who share what they know and as soon as I’m done being outraged I’ll be thankful for you! haha