Browsing the web looking for information about the Patriot Act (the law that generates a constant buzz in the web community), I came across the blog of Cloud Magazine, which analyzes its effects OUTSIDE of the US territory.
Remember that the legislation resulting from the implementation of the USA Patriot Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and obstruct Terrorism Act) extended until June 2015 requires companies under U.S. law to allow U.S. security services to access their data.
Even if a U.S. company uses servers abroad, the Patriot Act also applies outside the US since they are considered an extension of the company. This part of the Patriot Act is not well known, but it raised many issues in Europe. Treasury Board of Canada post this notice: «If a company located in the United States or with U.S. connections is hired, then the USA PATRIOT Act may be applicable » http://bit.ly/Jee6TS..
It is imperative in this case to consider the impact of this law in Canada and around the world because confidentiality and data protection are Board strategic business risks. Data protection is particularly relevant for Boards currently using a Board Portal. American companies offering Board Portals like Diligent Boardbooks and Boardvantage are under Patriot Act. and Canadian Boards should be aware of that fact.
Microsoft’s managing director in the UK, Gordon Frazer, made that admission in June at the Office 365 launching London. After researching the PATRIOT act, Microsoft found that regardless of where data was stored, it could not ensure that data would not be turned over to the US government as the result of a National Security Letter or other government request, because the company is governed by US law. (from Tech law and policy in the digital age : Microsoft admission)
Can a U.S. hosting company that opens a division in Europe no longer subject to the Patriot Act?
The answer is no …
On the website of Cloud Magazine, we are told that the Patriot Act also applies to data stored in Europe by American companies. The experts at Silicon.fr are more specifics:
”It forces companies under U.S. law, their subsidiaries worldwide and their servers hosted in the territory of the United States or abroad, regardless of the nationality of the companies operating them abroad, to comply with the US agencies to access personal data “.
In other words, all American companies dealing with information on servers in Europe can be accessed by the U.S. government by invoking the Patriot Act.. Google also confessed to being in this situation. See zdnet.com
Fortunately for Canadian businesses, the regulation is quite different thanks to the PIPEDA Act. All data hosted by Canadian companies is safe and no access to servers can be authorized without a court order.