Technical Blog Feature: Data Security and Compliance at DiliTrust Canada
At DiliTrust, our business is focused on the security of our clients' data. Data security is key in ensuring that the solutions you choose for your legal and board governance software are compliant with Canadian and international regulations on data privacy.
The DiliTrust Governance suite meets and exceeds all applicable data privacy regulations, and DiliTrust has a number of measures in place to ensure that the over 1 million documents we store for our customers are secure. We’ll examine both the regulations which govern data privacy in Canada, and the data security measures we employ to keep your data safe.

Why Your Data is Safest With DiliTrust
Using the DiliTrust Governance suite and its modules is much safer than using any alternatives hosted either on your own on-premise servers or by third-party cloud hosting services. Those options frequently include servers and equipment that are not managed by seasoned security specialists, which means that they aren’t constantly upgraded and protected from the latest cybersecurity threats. Government organizations, in particular, are faced with the problem of having legacy server solutions in place due to a lack of budget for upgrades. These systems are highly vulnerable to attacks. On the other hand, using a company that specializes in SaaS, such as DiliTrust, ensures that your data is hosted by a dedicated team whose job is to keep it secure, and make sure all IT infrastructure is constantly upgraded and kept up to the highest security standards.

What Regulations Need To Be Met in Canada?
The primary regulation that needs to be considered for how your business handles data privacy is the Personal Information Protection and Electronic Documents Act (PIPEDA). This is a federal regulation administered and enforced by the Office of the Privacy Commissioner of Canada. DiliTrust’s easy reporting and dashboards allow you to respond to information requests from any regulatory body easily and with the full set of data required to satisfy them. DiliTrust’s data security measures keep any information stored by your business on our solutions safe according to the requirements of PIPEDA, and much more. If your business is compliant with PIPEDA, it will usually meet all international data privacy requirements, with the exception of two international regulations: GDPR and HIPAA, which are discussed in more detail below.

The secondary regulations that need to be considered within Canada are provincial regulations, some of which require that data be stored in Canada. PIPEDA does not yet require Canadian data residency. However, storing data outside of Canada makes that data subject to the regulations of the country in which it is stored. If it is stored in the US, this means that the data can be accessed by the Department of Homeland Security under the Freedom Act and the Cloud Act.

What International Regulations Need To Be Met By Canadian Businesses?
There are two other regulations that can apply to data stored in Canada that may not be adequately addressed by adherence to Canadian regulations, depending on your business and the geographic location of your clients.

1: European Union General Data Protection Regulation (GDPR)
GDPR legislation came into effect in May 2018. The most important thing that Canadian businesses need to know about the GDPR is that if your organization is found in violation of it, you can be penalized with massive fines. If the information of a citizen of a European Union (EU) country is breached in any way, your business could be found to be in violation of the GDPR if proper notification protocols are not followed - even if your business is based in Canada. All DiliTrust software solutions are GDPR compliant.

2: Health Insurance Portability and Accountability Act (HIPAA)
This is an American regulation that governs the transmission and collection of the healthcare data of patients. If your business works with American healthcare organizations or clients, your data collection and privacy need to be up to HIPAA standards. DiliTrust Governance and DiliTrust Exec are both HIPAA compliant.

How DiliTrust Keeps Canadian Data Safe
The data of our Canadian clients is stored on physical servers located in Canada. This removes any complications that may arise from storing data outside of Canada, and is particularly important for government and healthcare organizations that need to comply with federal and provincial data residency policies and regulations. In addition to Canadian data residency, DiliTrust undertakes the following measures to safeguard your data:
- Password protection above and beyond industry best practices
- ISO-27001 certified
- 256-Bit Encryption of data on servers & mobile devices
- Security measures for data transmission
- Separate security audits & penetration testing
published on 2018/25/07