On the evening of November 8, our American neighbors returned to the forefront of the global stage—though not in the context many of them would have hoped for. The election of Donald Trump as President of the United States has revived the debates around the issues he strongly emphasized during his campaign: cybersecurity and data surveillance, whether private or professional, have become his number one priority as president-elect.
Emphasizing cybersecurity by strengthening surveillance powers
In his interview on the Hugh Hewitt Show last December, Donald Trump did not hesitate to say that he would fully support the reauthorization of the U.S. Patriot Act and the NSA’s metadata collection program. When asked whether he was in favor of restoring the Patriot Act, he explained that it would be “logical” and confirmed his support for legislation that would allow the NSA to hold mass metadata. He even suggested creating a court, available at all times, to regulate access to this metadata.
During one of the debates against Hillary Clinton, he also referred to the dispute with Apple regarding the decryption of the iPhone involved in the Orlando attack with the unequivocal statement: “Who do they think they are at Apple? They have to unlock [that iPhone].”
All of these declarations, coupled with the fact that Donald Trump is now President of the United States, point to one crucial reality: the security of your data—private or professional, however sensitive or confidential—is at risk if it is hosted in the United States or managed by an American company.
The restoration of the Patriot Act: bad news for organizations
For those who may not know, here is a quick overview of the situation. Following the September 11, 2001 attacks, the Bush administration enacted the U.S. Patriot Act, a law designed to better prevent terrorist threats. Under this law, U.S. federal intelligence agencies were granted tools enabling them to collect millions of user data records in bulk—without the users’ consent. Needless to say, data security took a significant hit.
In one of my previous articles, “Does your board understand all the risks related to data security?”, I noted that U.S. federal agencies were already legally allowed to access your information without your approval, thanks to this law. And this is far from stopping. On December 1, 2016, Rule 41 came into effect, further expanding the surveillance and hacking powers of these agencies to address technological developments. This means they can now gain access to millions of computers with a single click, even outside their jurisdiction, as long as they obtain a warrant from a U.S. court.
From an organizational standpoint, this translates into the following reality: an American company and its subsidiaries worldwide are subject to this law, which means that your data stored with an American provider may be accessed without your consent. So, think twice before choosing a U.S. provider and ask yourself these questions:
-
Do I want my board data to be accessible without my consent?
-
Am I ready to take responsibility for that?
-
Is this really my only option when it comes to securing my board data?
Rest assured—this does not apply to providers based in Canada.
It’s time to host your board data in Canada
Data security has become a critical issue for many organizations, and adopting a paperless board for your board of directors and committees can bring you peace of mind regarding data protection. Canadian organizations are not subject to the U.S. Patriot Act. However, subsidiaries of American companies based in Canada—or anywhere else in the world—are. It is therefore vital to carefully choose your provider when it comes to storing your sensitive board data.
So, if you ever consider moving to Canada, don’t forget to take your board data with you.
