Cloud Storage in Canada: Understanding Canadian Federal and Provincial Data Laws

obrBy Mauricio Prinzlau — Last Updated: 14 May'18 2016-09-26T01:33:37+00:00Google+

Although the ‘cloud’ refers to remotely accessible virtual computing resources, real data gets stored in actual physical servers, in different locations around the globe.

Canadians, for example, can comfortably utilize resources on servers in Europe or Asia, which are sometimes even faster than on-premise solutions, thanks to the Internet.

This concept of “borderless computing” is revolutionizing the computing world step-by-step. Unfortunately,  there are still a couple of downsides to it, one of them being the fact that data gets subjected to federal and provincial data legislation.

Green Cloud Computing
Cloud Storage

Therefore, even when you technically own your data, federal and provincial governments which run the actual physical servers it’s stored on, have complete control over real data privacy within their areas of jurisdiction.

That’s why, in addition to a service provider’s terms and conditions, you should be aware of local laws. Analyzing a provider’s compliance with local laws should help you understand overall data handling, plus the ideal type of data to store on their servers.

While the bulk of Canada’s data laws are pretty similar to US and EU privacy legislation, some of its federal and provincial legislation are entirely different, and could substantially impact overall data handling. Canada Cloud Storage Review Review 2018 | SECURE CLOUD STORAGE

For example, as a regular user, which is a Canadian cloud storage and file sharing service, I’ve had to familiarize myself with new laws.

And subsequently, use them to review not only my data but also assess my cloud provider’s compliance with them.

So, should a Sync user be worried about data privacy? Does Sync adequately comply with all Canadian data privacy rules and regulations?

To get the right answers to these questions, we need to comprehend several federal and provincial data laws entirely — which affect Canadian service providers and their users.


Federal Privacy Laws

As far as federal privacy laws are concerned, Canada is governed by two acts:

Privacy Act

Personal Information Protection and Electronic Documents Act (PIPEDA)

The Privacy Act only applies to federal government institutions and outlines a citizen’s rights to access and correct personal data, held by the government of Canada.

PIPEDA, on the other hand, outlines all the rules governing how privately-owned organizations collect and handle data within Canada.

That makes it the original act regulating all cloud service providers based in the country.

Personal Information Protection and Electronic Documents Acts

It’s worth noting that this act only applies to organizations engaging in commercial activities.

That means non-profit, and charity groups get excluded, even when they conduct fundraisers as a means of getting them going.

Only commercial companies located in provinces like:


British Columbia


Are excluded from this rule,  though these provinces have enacted laws similar to PIPEDA.

Therefore, despite being excluded from this particular act, they operate pretty much within the same rule set.

A user, customer or client of any commercial organization covered by the law, have the right to information protection; through the implementation of necessary security measures.

To further safeguard privacy, organizations are required to destroy or get rid of personal data when it’s no longer needed.

For organizations to:



Distribute data

They must always seek your consent first. If approval is given,  mostly through online check boxes, data will get handled and used as stated in the agreement

Any personal information collected should be:




However, organizations should only stick to data that’s relevant to their business.

If personal information gets sought, you have the right to inquire, and even decline, giving out such info if you’re unsatisfied with the request’s reasons.

On the downside, since the Act only applies to commercial activities, collecting, using and disclosing data for personal purposes is not addressed by the law.

It also exempts organizations that may use, disclose or collect your personal information for purposes related to:




And finally, just like most other countries, the police can access or obtain your information without consent.

All they need to do is demonstrate sufficient reasons to conduct an investigation or take your data in the case of an emergency.

Overall, the law is governed by the 10 basic principles of fair information practices:

#1 Recourse: Complaint procedures used should be simple, understandable and accessible to everyone.

#2 Individual Access: You have the right to request and gain access to private or personal data collected by an organization

#3 Openness: All terms and conditions should be available, understandable and easily accessible

#4 Safeguards: Organizations are obliged to implement security measures to protect your data

#5 Accuracy: Data collected should be up to date, accurate and complete

#6 Limiting Use: Data should strictly be used only for the purpose it was collected

#7 Limiting Collection: Only necessary personal information can be collected by an organization

#8 Consent: Organizations must explicitly inform you why they are collecting your data and how they’ll use it

#9 Identifying Purposes: Organizations should identify the purposes of data collection ahead of actual collecting it.

#10 Accountability: Organizations should dedicate sufficient resources, to oversee privacy issues

Provincial Privacy Laws

Canadian provinces are pretty much like U.S. states. Each area gets regarded as a separate territory within a country, with its set of legislations governing both private and government agencies.

As previously reported, areas governed by regulations similar to PIPEDA are excluded from the act. Organizations in Quebec, for instance, are governed by an Act Respecting the Protection of Personal Information in the Private Sector

Meanwhile, British Columbia has enacted its own Personal Information Protection Act, same as Alberta’s Personal Information Protection Act.

Provinces that PIPEDA applies include:



Prince Edward Island


Northwest Territories



New Brunswick


Through their personal Information Protection Acts, both British Columbia and Alberta have included privacy laws governing employee data. Newfoundland and Labrador, New Brunswick, and Ontario have enacted privacy legislation applying to health information through:

Personal Health Information Act

Personal Health Information Privacy, and Access Act

Personal Health Information Protection Act

In Summary…

Going by these regulations, we can safely conclude that Canada is a great place to store sensitive or private data in the cloud. And based on this, complies with all federal and provincial data privacy laws as stipulated in Canada.

Additionally, it’s evident that user information is adequately protected. That said, just like with all cloud providers, keep any illegal data like copyrighted material away from Sync. What do you think about Justin Bieber’s home country and its data privacy regulations? Share your thoughts with me in the comments section below.

One thought on “Cloud Storage in Canada: Understanding Canadian Federal and Provincial Data Laws”

Leave a Reply

Your email address will not be published. Required fields are marked *

More about

Most Visited News