I’m going to continue along the thread of Software as a Service that I started last week, and tell you about a problem that’s developed with one of the more common service offerings. The problem relates to online backup services, sometimes referred to as remote backup.
The basic premise is simple… as a business owner, you want to ensure that your data is backed up safely, and that it’s stored off-site. So you subscribe to a service to do this for you. The service you subscribe to enables you to select data that is sent encrypted over the Internet, so that it’s kept elsewhere in case something bad happens to your office premises. Everything is peachy-keen, right?
Maybe it is. Then again, maybe not.
Update: CPG Systems has started doing remote/ online backups. Visit their website for more information
The problem you might encounter was very well summarized in a recent Globe And Mail article. The issue revolves around the difference in U.S. and Canadian privacy laws; essentially, any information stored on a U.S. based computer is subject to U.S. law. And that includes things like Google Apps, as well as online backup data.
The crux of this comes about because of the Patriot Act, which gives American authorities fairly wide-ranging powers when it comes to information retrieval. The data can be retrieved by issuing writs or warrants, and the information can then be used by U.S. authorities to develop a profile.
Canadian laws around privacy are comparatively strict on the other hand. Getting a copy of information stored by Canadian companies on Canadian servers is very difficult. And Canadian courts are careful about maintaining the integrity privacy laws.
So what does this mean for businesses? Well, if you’re subscribing to a service, you need to know where the information is being kept. And in extreme cases, you need to know who is carrying the data. Data transmissions that travel from Vancouver, down to Seattle then California and along the Gulf coast and then back up to Montreal, may also be subject to interception by U.S. authorities.
This is of particular concern for law firms, accountants, and those in the medical profession. Can you imagine the furore if a law firm had their information rifled through by the U.S. government, because they thought that the author might pose a terrorist threat. But really, anyone with concerns about the privacy or integrity of their data should be aware of this issue.
So talk to your technical services provider about this and other security issues. And make sure that your information stays where you need it to be.
Post a Comment