Law and Order: A growing company weighs data privacy controls

Borderless networks: The ability to exchange data anywhere and anytime between anyone and anything, securely and reliably, around the world. It’s a romantic idea – but it’s not real. Data centers and business executives alike know that where data is hosted – data residency – is a fundamental concern when selecting a hosting partner. All countries are not created equal when it comes to data privacy laws.

Last year, ServerMania, an infrastructure and data hosting company based in Toronto and Buffalo, needed to expand its existing server infrastructure to meet increasing client demand. They began evaluating potential expansion locations in the U.S. and Canada using key filters like data residency.

Whereas the U.S. protects the interests of big businesses and the state, Canada’s consumer-focused privacy legislation prioritizes citizens and companies of every size. Set up both to protect the privacy rights of individuals and businesses, and to align Canadian data protection laws with Europe’s, the Personal Information Protection and Electronic Documents Act (PIPEDA) is the primary law covering commercial activity. Its broad principles govern the gamut of security safeguards that companies storing personal data have to use, including physical, organizational, and technology measures.

Under PIPEDA, European data can be stored in Canada without risk. In the U.S, it’s a different story. The EU-US Safe Harbor Principles, which let companies with European operations store the EU citizen’s personal data in the US, was declared invalid in 2015. An alternative – the EU-US Privacy Shield – is now in place, but there is the potential for legal challenges, creating a climate of uncertainty that’s problematic for a business that houses data from thousands of companies around the world.

Also important in Canada are the laws limiting the use, disclosure, and retention of data. In short, organizations cannot use or disclose personal information for purposes other than those that have been previously identified and received consent. Additionally, data can only be stored for as long as it’s necessary to fulfill those purposes. Compare that to the U.S. where the Trump administration is repealing the FCC’s broadband privacy protections, effectively allowing ISPs to sell personal data without prior consent. Under PIPEDA, that can’t happen in Canada.

More broadly, strict privacy controls mean doing any business here demands a willingness to submit to a stable, mandatory privacy regime. If yours is a company that builds its reputation on caring about the privacy of your customers, Canadian data hosting only strengthens it. And arguably, it inspires businesses to implement robust internal policies that support compliance, which perhaps isn’t imperative in nations that are less focussed on privacy.

For ServerMania, Canada was the obvious choice. The company has a long- established reputation as a pro-privacy infrastructure hosting provider. It voluntarily implements strong privacy policies that protect client data, and believes that Canada’s strict, modern and transparent laws only make it easier to deliver data storage that is unequivocally private and secure.

Protecting data privacy is imperative – but it’s only one of many criteria in appraising colocation partners. Next step: evaluating the Canadian infrastructure environment, and testing the competition in Montreal, the hub of Canada’s “data center gold rush.”

Is your company weighing its colocation options? Click here to read more about ServerMania’s decision-making process, in Case Study: ServerMania and ROOT Data Center