The Canadian government has implemented laws that govern how private sector organizations can collect and use your personal information. Under the Personal Information Protection and Electronic Documents Act (PIPEDA), personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:
- age, name, ID numbers, income, ethnic origin, or blood type;
- opinions, evaluations, comments, social status, or disciplinary actions; and
- employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).
This means that organizations covered by the Act must obtain an individual’s consent when they collect, use or disclose the individual’s personal information.
By keeping your data in Canada, you are only subject to and protected by Canadian privacy laws. If you were to store your data in a cloud platform operated out of the United States for example, then your information would be subject to the US Patriot Act. The US Patriot Act permits government and law enforcement agencies the ability to search data retained by service providers.