#MovingtoCanada: Data privacy implications for U.S. start-ups considering a post-election move

It’s become an election season trope: Americans dissatisfied with the election results threatening to move to Canada — even causing Canada’s immigration website to crash on Election Night 2016.

  • In 2016, 12% of Americans said they’d like to move to Canada. By 2019, that number reached 26%.
  • The same Gallup poll found that 30% of Americans under 30 wanted to leave the country; 40% of young women polled said they wanted to leave the country.
  • About 2,000 more Americans than normal have moved to Canada since Trump’s election, in part due to immigration policies like the H1B visa ban.

But what about U.S. start-ups looking to take their business North? 

Canada is known for being especially welcoming to entrepreneurs and has been called a “start-up Mecca, rivalling Silicon Valley.” (Canada’s Start-up Visa Program has made the process that much easier.)

As a data privacy expert and HIPAA compliance resource provider, Gazelle helps clients navigate U.S. and international privacy laws. 

Contemplating a post-election move? Here’s what you need to know:

Canada’s privacy laws are far more robust than the U.S. 

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a federal privacy law that applies to the collection of personal information regardless of the technology used.

Organizations covered by PIPEDA must obtain an individual’s consent when they collect, use or disclose that individual’s personal information. 

Under PIPEDA, people have the right to access their personal information held by an organization. They also have the right to challenge its accuracy.

Unlike HIPAA, under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. 

This includes information in any form, such as: age, name, ID numbers, income, ethnic origin, or blood type; opinions, evaluations, comments, social status, or disciplinary actions; and employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs). 

Personal information must be protected by safeguards and can only be used for the purposes for which it was collected. 

There are provincial privacy laws you may also need to contend with.

If you operate in a Canadian province with private sector privacy legislation deemed to be substantially similar, you will have to comply with that province’s law.

If you operate in more than one province, you may have to comply with more than one statute. For example, if you plan to operate in Ontario, you’ll want to be familiar with the Personal Health Information Protection Act (PHIPA).

You may be required to keep data within Canadian borders. This could mean migrating data or segregating data centers.

PIPEDA, at the federal level, does not require all Canadian organizations to keep data in Canada. 

However, depending on the province your business is located in, which industry you work in, and whether you operate in the private or public sector, you may be required to keep data within Canadian borders.

Contemplating a move? There are steps you should take to safely and securely migrate your business (and data).

You don’t have to go it alone. 

Data privacy experts — like the team at Gazelle Consulting — can help walk you through the myriad privacy laws, develop policies and procedures to comply with the 10 PIPEDA guidelines and provide you with a PIPEDA resource checklist.

Nav close