To make the best decisions for your business, you have to collect data from your customers. But keeping that data private and secure is more important than ever before, whether you are a private company or a public service.
In an attempt to keep citizen data secure, many countries have passed their own data privacy laws, which dictate everything from what companies can do with personally identifiable information (PII) to where in the world that data can be stored.
Data privacy laws are confusing. In honor of the grand opening of SurveyGizmo’s Canadian servers, we are demystifying common questions about international data privacy laws, with an emphasis on Canada’s PIPEDA law.
My Data’s Stored in the Cloud, So it’s PIPEDA Compliant… Right?
Many companies now run on the Cloud.
But the Cloud isn’t some magical, intangible data storage system that hangs in the ether. Rather, when you or your software service stores information on the Cloud, that data is going to a very real, very physical server somewhere in the world.
When it comes to your country’s data privacy laws, where that Cloud server is located is of the utmost importance. This is the most important thing to remember when working with SaaS data collection companies: just because you collect data in Canada doesn’t mean your data is automatically stored in Canada.
If you are a Canadian company that is collecting data on Canadian citizens, PIPEDA and your province’s data privacy laws may prohibit you from storing data outside of Canadian borders.
That means your SaaS platforms must store your data in a Cloud server somewhere inside Canada.
Where in the World is My Data Being Stored?
If you’re unsure of where your SaaS company’s servers are, ask.
Your SaaS provider should be able to identify where your particular account’s data is being stored. Some have many servers, including those in other countries. Others may only have servers in one country.
SurveyGizmo, for example, operates servers in three locations: the United States, Canada, and the European Union. To ensure the utmost security and complete compliance with international laws, each server is completely separate from the others – zero data is shared between them.
Demystifying Data Privacy Laws, One FAQ at a Time
Because every country has its own set of data privacy laws, it’s easy to get overwhelmed. In Canada in particular, there are national laws, then province-specific requirements that must be met for a company’s data collection and storage techniques to be compliant.
We dive into more Canada-specific frequently asked questions in our Free Canadian Data Privacy Primer. This quick read will help point you in the right direction, whether your company is operating in British Columbia or Prince Edward Island.