Sunday, February 13, 2011

CRM Online and Canadian Privacy Law

CRM Online is usually my preferred CRM deployment for most projects; but recently I have encountered a number of legal barriers due to the geographical location of the Microsoft data centers. For cloud deployments of Dynamics CRM in North America, the data is physically hosted in USA which triggers a long discussion with legal departments with our customers.

For our Canadian customers, we are bound to comply with the Canada Privacy Law (http://laws.justice.gc.ca/en/P-21/index.html) which clearly prohibits the export of sensitive or government data. Furthermore, The Patriot Act in the USA poses additional threats to Canadian privacy law:
The Act permits U.S. law enforcement officials, for the purpose of an anti-terrorism investigation, to seek a court order that allows access to the personal records of any person without that person’s knowledge (http://www.tbs-sct.gc.ca/pubs_pol/gospubs/TBM_128/usapa/faq-eng.asp#Q1)
We must be very diligently evaluating the kind of Data that would be hosted in a CRM Online organization and where this data is to physycally reside. I wouldn't imagine Microsoft opening data centers in every country but I also imagine this to be a very common problem. It would be interesting to know what strategy does Microsoft envision or offer to deal with this kind of restrictions (if any).

2 comments:

  1. Hi there

    Do you know if Microsoft has any plans to open a datacenter in Canada for hosting MSCRM online? I am currently researching this very issue - working for a small not for profit in Ottawa, and a SAAS solution would be perfect if it was hosted in Canada

    ReplyDelete
    Replies
    1. not that I know, nothing announced officially either

      Delete