Protection from the US Patriot Act
As part of its battle against terrorism, the United States enacted the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (the “Patriot Act”) which allows US authorities to access data, including personal information, in the custody or control of a service provider located in the US. Many organizations are concerned about this kind of government access to their proprietary data and employee personal information.
Canada has implemented legislation to prevent or minimize the reach of the Patriot Act into Canada. As a company headquartered in Canada, Jostle is not subject to the Patriot Act with respect to personal information stored in the data centers we use outside of the US. By contracting Jostle’s services that provide personal data storage on data centers located outside the US, your users’ personal information will be much further from the reach of the Patriot Act.
If you are buying a cloud-based service from a US located company, or a company whose data centers are located in the US, your users’ data can be legally accessed by US authorities under the Patriot Act without your permission or even your knowledge. Canadian customers whose services originate from Jostle’s data centers located in Canada, will have their personal information protected against the Patriot Act by Canada’s robust Privacy Laws. EU customers whose services originate from data centers located in the EU, will have their personal information protected against the Patriot Act by EU privacy laws.
If you are a Public Body that is subject to a “personal information storage in Canada” policy or legal requirement, you can be compliant with your obligations if you use Jostle’s services that originate from Jostle’s data centers located in Canada and purchase our ‘FOIPPA’ (aka FIPPA or FOIPA) option. British Columbia (see the Freedom of Information and Protection of Privacy Act) and Nova Scotia (see the Personal Information International Disclosure Protection Act) both require all their Public Organizations to store their personal information in Canada (subject to certain limited exceptions).
European-Level Personal Information Protection
Europe imposes the strictest privacy laws applying to the protection of personal information — much more so than the US. The US has no single data protection law equivalent to the EU’s Data Protection Directive (EU Directive 95/46/EC). Consequently US-based cloud services participate in and are certified under the “US-EU Safe Harbor” program developed jointly by the US Department of Commerce and the EU in order to hold EU-derived data. All of the data centers that Jostle utilizes in the US are certified under the Safe Harbor program.
The Canadian Personal Information Protection and Electronic Documents Act (SC 2000, c 5), and Canada’s various Provincial Privacy Laws, are much more comparable and equivalent to the EU Data Protection Directive and have the force of law throughout Canada. European-based customers, or customers who have any EU employees, can confidently use the Jostle® platform knowing that their EU Data Protection Directive obligations are being fully complied with: their personal data will be well protected by Canadian privacy laws if they are using Jostle services hosted on Canadian data centers, or will be protected by the high standards of EU privacy laws if they are using Jostle services hosted on our European data center.
If you are an organization that is subject to any data protection laws, policies or guidelines of a European country that prevent or limit data storage or processing in the US because of Patriot Act or similar concerns (see above), then using Jostle services hosted on data centers in Canada or Europe is a clear and compelling alternative.
Jostle’s in-country FOIPPA option
Your Jostle intranet is designed from the ground up to help you keep your corporate information private within your company and to allow individuals to reasonably control their own personal private information. However, a number of jurisdictions require even more stringent measures than this, particularly publicly-funded organizations like cities and government agencies.
The Jostle platform’s FOIPPA option is designed to keep personal private employee information inside their country. This is currently designed to meet the strict requirements of Canadian provinces like British Columbia and Nova Scotia, but it can be made available for other jurisdictions that require data to be kept “in country”.
No information outside of country
One of the key requirements for a number of jurisdictions is that no personal private information is stored outside of their country. With the FOIPPA option, Jostle stores all content in User Profiles and Discussions in the designated country.
No user access outside of country
Normally where there is a requirement to store personal private information within a specific country, there is also a requirement that users not access information from outside that country. Jostle’s Canadian FOIPPA option only allows user access from known Canadian IP addresses. This includes access from mobile phones.
Although Jostle’s FOIPPA option provides the tools, good governance is still required to ensure compliance. Note that material posted by NEWS Reporters and Librarians may be stored outside of the designated country so that we can provide the best viewing technologies for this content. The best practice is to train your Reporters and Librarians to never place personal private content in NEWS or LIBRARY.