Protection from the US Patriot Act
As part of its battle against terrorism, the United States enacted the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (the “Patriot Act”) which allows US authorities to access data, including personal information, in the custody or control of a service provider located in the US. Many organizations are concerned about this kind of government access to their proprietary data and employee personal information.
Canada has implemented legislation to prevent or minimize the reach of the Patriot Act into Canada. As a company headquartered in Canada, Jostle is not subject to the Patriot Act with respect to personal information stored in the data centers we use outside of the US. By contracting Jostle’s services that provide personal data storage on data centers located outside the US, your users’ personal information will be much further from the reach of the Patriot Act.
If you are buying a cloud-based service from a US located company, or a company whose data centers are located in the US, your users’ data can be legally accessed by US authorities under the Patriot Act without your permission or even your knowledge. Canadian customers whose services originate from Jostle’s data centers located in Canada, will have their personal information protected against the Patriot Act by Canada’s robust Privacy Laws. EU customers whose services originate from data centers located in the EU, will have their personal information protected against the Patriot Act by EU privacy laws.
If you are a Public Body that is subject to a “personal information storage in Canada” policy or legal requirement, you can be compliant with your obligations if you use Jostle’s services that originate from Jostle’s data centers located in Canada and purchase our ‘FOIPPA’ (aka FIPPA or FOIPA) option. British Columbia (see the Freedom of Information and Protection of Privacy Act) and Nova Scotia (see the Personal Information International Disclosure Protection Act) both require all their Public Organizations to store their personal information in Canada (subject to certain limited exceptions).
Jostle’s in-country FOIPPA option
Your Jostle intranet is designed from the ground up to help you keep your corporate information private within your company and to allow individuals to reasonably control their own personal private information. However, a number of jurisdictions require even more stringent measures than this, particularly publicly-funded organizations like cities and government agencies.
The Jostle platform’s FOIPPA option is designed to keep personal private employee information inside their country. This is currently designed to meet the strict requirements of Canadian provinces like British Columbia and Nova Scotia, but it can be made available for other jurisdictions that require data to be kept “in country”.
No information outside of country
One of the key requirements for a number of jurisdictions is that no personal private information is stored outside of their country. With the FOIPPA option, Jostle stores all content in User Profiles and Discussions in the designated country.
No user access outside of country
Normally where there is a requirement to store personal private information within a specific country, there is also a requirement that users not access information from outside that country. Jostle’s Canadian FOIPPA option only allows user access from known Canadian IP addresses. This includes access from mobile phones.
Although Jostle’s FOIPPA option provides the tools, good governance is still required to ensure compliance. Note that material posted by NEWS Reporters and Librarians may be stored outside of the designated country so that we can provide the best viewing technologies for this content. The best practice is to train your Reporters and Librarians to never place personal private content in NEWS or LIBRARY.