How Are Canadians Affected By The USA Patriot Act And Cloud Computing?
Whether Canadians like it or not, they are affected by the US Patriot Act. While some of the previous issues have been settled already, some new issues are already popping up – issues with cloud computing. The US Patriot Act, otherwise known as the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, was passed after the World Trade Center attack in September 2011. The law provided a way for US law enforcement agencies to seize business records and block electronic communications. Under this law, any law enforcement official can ask an electronic communication service provider to provide them with information without first letting the affected organizations or individuals know. By issuing a National Security Letter, the service provider can easily hand over any information.
Canadian organizations themselves are not precluded from tapping cloud services based in the USA if they are only servicing the private sector. The privacy laws of Canada do not prohibit any personal information transfer for storage and processing as long as the said transfer doesn’t make use of the personal information in any manner which wasn’t agreed upon by the organization and its clients; the organization maintains accountability for the personal information protection; the organization will provide the same level of data security as is required by Canadian law; and the said arrangement is disclosed to the client.
In 2009, the Office of the Privacy Commissioner of Canada conducted a survey, which compared Canadian surveillance laws with those of France, the UK, and the US. From 1990 up to the present, the US and Canada have had a Treaty on Mutual Legal Assistance in Criminal Matters wherein both countries have committed to helping each other with criminal investigations – even the Canadian Security and Intelligence Service Act issues secret warrants for the seizure and interception of electronic data. Communications relating to foreign parties can be intercepted by the Canadian Communications Security Establishment upon the order of the Minister of Defense, acting on the powers provided to the minister by the National Defense Act. The Criminal Code of Canada also allows electronic data seizures.
However, when an organization is servicing the public sector in Nova Scotia or British Columbia, it must seek legal advice. There are laws in Alberta, Nova Scotia, and British Columbia which prohibit data storage outside Canada.
By Florence de Borja