We have been receiving a lot of questions from prospective partners about how we comply with the rules around private information as it pertains to healthcare in Canada. The simple answer is that we provide secure and redundant infrastructure to our healthcare partners and work with them to recommend best practices and procedures for securing their own virtual instances that reside on our public cloud.
While that explanation might seem broad for such an important topic, the laws pertaining to personal information protection in Canada are complicated, technically nonspecific, and just plain hard to grasp.
We have created this “Guide to Protecting Private Healthcare Information in the Canadian Public Cloud” to help inform our partners and clients about how they can use our public cloud and be in compliance with Canadian privacy laws.
Download Cloud-A’s Guide to Protecting Private Healthcare Information in the Canadian Public Cloud
It was a fortunate coincidence that not too long after we started up Cloud-A, Snowden came out with all the information about how data privacy was at risk, more than almost anyone would have thought possible at the time. Shortly after that it became clear that Canada is not without its challenges in this area as well. We see this kind of interference clearly as abuse, that will hopefully one day be corrected and seen historically as a very unfortunate oversight that as of today is in great need of being rectified.
Our values are simple and very straight forward: everyone should have the right to privacy unless they are doing something that is illegal. In that case the legal process dictates that the authorities who are conducting an official investigation have the right to collect data for the purposes of that investigation that is bound and defined by way of a warrant. In our view, to provide anyone any of our clients’ data without a warrant or their consent would be not only unethical but would also be a violation of our clients’ fundamental right to privacy.
In addition, we are committed to telling our customers about all government data requests. We promise to tell users when the government seeks their data unless prohibited by law. The idea being that this gives users a chance to defend themselves against overreaching government demands for their data.
To be fair, we have not had very many requests for this kind of thing so far. We think that’s a good thing, it tells us that our users are by in large not doing anything that would give anyone cause for concern in this way, and it also tells us that the authorities are not as overly ambitious as compared to what it sounds like happens in other regions. That being said, we know that with our continued growth it’s just a matter of time before this kind of thing will be more relevant for us and our clients in the future. As a result, we thought it would be appropriate to make a comment about our intentions moving forward.
In addition to protecting our clients’ privacy to the extent of our legal abilities, we are committed to publishing statistics on how often we provide user data to the government in general terms.