Canada moves to counter U.S. privacy threat
One of my clients recently asked me whether their data is at risk as I work for an American subsidiary of a Japanese company. I did not know how to answer. Any advice?
About Me
- thrashor
- Edmonton, Alberta, Canada
- Returned to working as a Management Consultant, specializing in risk, security, and regulatory compliance, with Fujitsu Canada after running the IT shop in the largest library in the South Pacific.
1 comment:
Hi Chris - I just happened upon your blog.
Having read the article you pointed to, I would assume that your client's data are at risk unless the Japanese company has set conditions on the use of those data. I am unfamiliar with Japanese law, so I don't know if Japan can actually set conditions; however, it seems to me that the question should really be directed at the parent company.
As such, I would probably tell the client something like, "Under US law, your data are at risk; therefore, I would suggest you contact your parent company to see if it has set any conditions on those data. If not, then you're SOL." (Well, maybe not that last part.)
Now I don't know the specific nature of the relationship between you and your client and the data, so maybe it would be more appropriate for you to contact the parent company.
Having said all this, if the company doesn't know or doesn't have an answer, I think you'd have to assume that the data would fall under PATRIOT, and you know what that means...
Cheers,
Steve Joyce
Post a Comment