Important - Our phone VoIP provider is experiencing extended technical difficulties. If you are unable to reach us on our main line, please call our temporary number 365-652-6971.

Microsoft 365, Canadian Privacy and the Patriot Act

There is all this talk about cloud services such as email, servers, and storage to mention a few.  One of the biggest question is how does Microsoft 365 address Canadian privacy and the Patriot Act?

In this article we will address some key points regarding Microsoft 365 and privacy.  For any company considering Microsoft 365, Microsoft has a fantastic tool called Microsoft 365 Trust Center.  Smart businesses know that people and data are the most important assets to any business.


Which compliance standards does Microsoft 365 meet?

Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) shows how private sector organizations collect, use, and disclose personal information in the course of commercial business.

Health Insurance Portability and Accountability Act (HIPAA) covers entities under the law security, privacy, and reporting requirements regarding the processing of electronic protected health information.  Microsoft will sign a HIPAA Business Associate Agreement (BAA) to meet this standard.

Data processing agreements (DPAs) provide customers with contractual assurances through DPAs regarding Microsoft handling and safeguarding of customer data.  Microsoft is commit to over 40 security commitments collected from regulations worldwide.

Federal Information Security Management Act (FISMA) requires U.S. federal agencies to develop, document, and implement controls to secure their information.  Microsoft 365 follows security and privacy processes relating to FISMA.

ISO 27001 is a security benchmark worldwide and Microsoft 365 is the first major business public cloud service to have implemented the rigorous set of physical, logical, process and management controls.


So how does the Patriot Act come into play?

The Patriot Act has attracted some criticism due to where the data is stored however data will always be subject to lawful disclosure to law enforcement.  In Canada this would include search warrants under the Criminal Code of Canada and the Canadian Security Intelligence Service Act.  It would also be subject to subpoenas such as those issued under the Income Tax Act.

As many people are concerned with the Patriot Act, there is a bigger concern where many European countries permit law enforcement access to information more than in both the United States and Canada.


365 iT SOLUTIONS is a leading IT consulting firm in Toronto. We provide industry leading Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by


More News

Get a Free Network
Assessment (Value $1,997)

No Obligation. No Risk. Completely Free.