The U.S. Patriot Act and Canadian Data Security

Mention hosting data remotely to most people, and you will hear expressions of various concerns, such as:

  • Data might be inaccessible at times due to Internet failure;
  • Unauthorized people might see the information; orGovernment agencies could gain access to your personal or business data.

lores_DOJ_US_Department_Justice_Seal_Logo_goldAdd the U.S. Patriot Act to the mix and the reactions and anxiety are likely to become even stronger. Many companies and individuals fear that the American law gives the U.S. federal government sweeping powers to look at any data at any time for any reason. Before making a decision to embrace a cloud computing solution that involves hosting data in the U.S., you should separate myth from reality.

First, it is critical to be aware that today’s information technologies make it easy for organizations and individuals to exchange information quickly around the globe. This transborder data flow is becoming increasingly popular as both companies and governments take advantage of outsourcing.

In today’s global economy, suppliers can be located anywhere. Even if a domestic supplier is chosen, it may have offices located in other countries. When a supplier is hired to administer personal information and any parts of its operations, including subcontractors, are outside of Australia, the laws of the other countries may be applicable to information stored or electronically accessible in the foreign country. If a company located in the United States or with U.S. connections is hired, then the U.S. Patriot Act may be applicable.

That legislation primarily extended to anti-terrorism the provisions that originally were used simply to deal with typical criminal investigations. The law permits U.S. law enforcement officials to seek a court order giving them access to the records of a company or individual, sometimes without the suspect’s knowledge. Any organization with a presence in the U.S. or controlled by a U.S. business may be subject to these court orders and compelled to comply with the warrant.

In some circumstances, the law may have made it easier for the U.S. government to gain access to personal data. It did not, however, “fundamentally alter the right of the government to that data in those circumstances,” according to an article written by Jeff Bullwinkel, Associate General Counsel and Director of Legal & Corporate Affairs, Microsoft Australia. In other words, the U.S. government has long had the ability to seek access to personal information in pursuit of legal investigations.

How does the U.S. Patriot Act affect American government access to information that is stored outside of the U.S.? If the data is under the control of a U.S.-headquartered company, the government can use the law just as if the information were stored inside the U.S. If the company is not an American company the U.S. Patriot Act does not apply, although there still are ways the U.S. can gain access to the information it is seeking.

The U.S. has long had many cross-jurisdictional agreements that allow law-enforcement agencies in one country to gain access to data stored in another country. Government agencies in every country at some time have legitimate needs to access information to enforce their nation’s laws. Increasingly, that information is stored in foreign jurisdictions. While different laws and international agreements help facilitate access to this data, both domestic and some foreign laws maintain strong protections.

Deciding where to store your data has become increasingly complex as the options have expanded from storing data on a computer you or your business directly controls to sending the information into the cloud and storing it on some server remotely located anywhere on the globe. Wherever you decide to store information, be certain that appropriate measures are in place to protect that data from unauthorised access.

Take the time to become informed about the pros and cons of the many places and methods available for storing data. Consult with your advisers to learn how various laws may or may not protect your information and then make an informed decision that is within your comfort zone.

«
»