Security and Compliance

The Importance Of Using A Canadian Data Center As A Canadian Organization

With remote work booming and most Canadian companies steering towards using the cloud to host most of their data, it is important for the leaders of these organizations to understand the complexity of the cloud and how their data is being stored in a central datacenter that makes up “the cloud.” It is further crucial to to know and understand the physical location of that datacenter and/or server. 

While there are over 1 billion gigabytes of data out there, as digital privacy and data security measures increase, if you are a Canadian company storing data outside of Canada, the processes will start to become progressively complicated. 

A datacenter’s physical location seems more often than not to be one of least priorities for many organizations, however, it should be the top. Data is protected by the Candian constitution if the hosting server is in Canada. However, if your data centers/servers are outside of Canada, your data may be open to seizures or other types of mass surveillance by security companies from other countries.

Canadian Privacy Laws: A quick run through

In Canada, both public and private sector organizations are held accountable to government laws and rules that cover the storage and use of personal information. As such, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) put new changes into effect in late 2018, emphasizing how Canadian private organizations are accountable for protecting information during transit and outsourcing.

This ultimately means that even when transferring data to a third party, organizations are completely responsible for any personal information they have collected. 

PIPEDA states that consumer data is protected across the country. However, Information can cross borders, and the Canadian business remains liable for any problems. Yet, depending on where you are located and its provincial laws, you may be unable to transfer your data outside of Canada.

Thus, data sovereignty is required by the Canadian Privacy Act and PIPEDA.

Potential Risks of out-of-country storage: 

Although as stated above, PIPEDA does not always prohibit the transfer of data out-of-country, it is essential to remember that: 

  1. Once your organization’s data leaves Canada, it is subject to the laws of the country in which it is stored. 
  2. Although a contract with a third-party provider is intended to ensure information is protected by said third party, your organization will ultimately be held liable for anything that happens to the data outside of Canada.

Jacques Latour, Chief Technology Officer at CIRA, highlights that, “once your data travels outside of Canada’s borders it is open to the laws of the land. In the U.S., for example, Canadians have no right to privacy. We know that a portion of Canadian data travels south based on the nature of our internet’s infrastructure and how we navigate the web.”

Additionally, it is important to note that for your “data to be protected by Canadian law against things such as the USA Freedom act, sweeping server seizures under the Digital Millennium Copyright Act, the loss of net neutrality, and/or other foreign laws or policies, your website must be hosted on Canadian soil.

Data Center/Server Regulations: 

As noted above, Canadian organizations and datacenters are solely responsible for any personal information collected. This means that they are required to provide an equal amount of protection through contracts or other means while the information is being processed by a third party.

This means that: 

  1. All information that is being transferred for processing must solely be used for the purpose of the original collection. 
  2. When receiving the data, datacenters must provide an equivalent level of data protection that is seen by said Canadian organization. 
  3. When handling the data, organizations must ensure transparency in regards to data handling processes and any practices pertaining to personal information. 


A 2019 study conducted by the CIRA, concluded that Canadians trust websites more if they are hosted in Canada. The findings found that 64% of Canadians prefer making online purchases from a Canadian retailer. Additionally, 75% are comfortable making purchases on a Canadian retail or government site vs. only 55% on a U.S. website. 

By proving that Candians trust Candian hosted data centers and servers the most, it is crucial that when hosting data outside of Canada, customers are notified that their information may be seized by a foreign country.

Thus, in most instances, hosting your data on a Candian server is the best way to simplify processes by removing all additional work, risk and uncertainties associated with sending confidential data across international borders. 

Learn more about VITAY and it’s technical architecture that is built to protect your organizations data.