A number of our clients have legal responsibilities that are challenging for us in the age of SaaS, PaaS and other aaSes.
First… a bit of context…
The majority of these services are US-based and subject to the US Patriot Act. Our clients are in breach of their responsibilities when using a US-based service because of the Patriot Act. As such, we must ensure that data reside on Canadian soil or on soil that respects our clients' legal obligations. I imagine this issue is not limited to Canada.
Some US-based companies started to offer data residency in other countries. This is not necessarily satisfactory for some of our clients. The US government can compel US companies to provide data under their control or that of their subsidiaries, whether on US or non-US soil and regardless of whether the data belongs to a US national or not.
This is a challenge for D-Cogit. We exchange freely with our clients about their confidential information through conversations, documents and solutions. We have not been able to find many suitable service providers that can guarantee the respect of Canadian law.
For example, we cannot use Slack. It is a US company, and there is no option for Canadian residency of data. This would put us and our clients at risk if anyone communicated about patient information on Slack. We would need to ensure communications and document exchanges with our medical and para-medical clients contain no patient information. This would be a ticking time bomb – I believe it would only be a matter of time before someone slips up.
We started making a list of non-US-based service providers. I would appreciate your knowledge in this field. It being 02:25 right now, I need to wait until mid-day to start this list – I am sure my team would not appreciate it if I were to wake them right now.
Thanks in advance!