Canada and Data Sovereignty for Compliance

Did you know that certain industries are required to retain all their data within Canada due to Data Sovereignty?

First things first: what does Data Sovereignty mean, exactly? Data sovereignty is the notion that data and digital information are protected by the laws of the country in which they are physically stored. For obvious reasons, this issue has become a hot topic for cloud providers and their customers, since businesses and people relying on cloud technology need assurance that their confidential data will stay that way. To assure cloud users that their data is in fact protected by data sovereignty laws, providers must maintain absolute transparency with them.

In Canada, as in other countries, providers must abide by specific rules determined by the host government if they want to declare their data protected. Early in 2015, the Canadian government polled industry professionals to weigh in on whether the following strategies were viable in preserving data sovereignty¹:

  • All domestic data traffic should be routed exclusively through Canada
  • All databases in which data is stored on servers are located in Canada
  • There can be no connections between Canadian data centres and third-party data centres located outside Canadian borders, and there can be no available routes of legal entry to the data from an outside source
  • Data must be encrypted and all encryption keys must be held by Canada
  • Canadian data must be physically segregated as part of the design solution

In simpler terms, data must be held exclusively by a Canadian provider, transferred over a Canadian network, and housed in a Canadian data centre.

Failure by these industries to follow new laws added to PIPEDA on Oct 1, 2016 can net a fine of up to Can$10,000 on summary conviction, or a fine of up to Can$100,000 on indictment, for any of the following:

  • Violation of the provisions related to the retention of information subject to an access request.
  • Retaliating against an employee for:
      1. co-operating with the Commissioner;
      2. refusing to violate PIPEDA; or
      3. complying in good faith with the legislative requirements.
  • Obstructing the Commissioner in the investigation of a complaint or audit.

The Federal Court can order an organisation to:

  • Correct its practices.
  • Publish a corrective notice.
  • Pay damages to a complainant, including damages for humiliation.


