Privacy Commissioner OKs outsourcing to US
| October 20, 2005
Responding to complaints under PIPEDA about a bank's practice of outsourcing customer data to a US firm, thus exposing the data to covert FBI investigations under the USA PATRIOT Act, the federal Assistant Privacy Commissioner found that the Bank's practice did not violate PIPEDA. Specifically, she found "that the [PIPED] Act cannot prevent U.S. authorities from lawfully accessing the personal information of Canadians held by organizations in Canada or in the United States, nor can it force Canadian companies to stop outsourcing to foreign-based service providers. What the Act does demand is that organizations be transparent about their personal information handling practices and protect customer personal information in the hands of foreign-based third-party service providers to the extent possible by contractual means."
CIPPIC info on PATRIOT Act (scroll down)