Cisco is committed to the protection and privacy of our customers’ data. Knowing that some Webex customers in Canada have sensitivity to data residency and need additional flexibility to host data locally, multiple data centers are now active in Canada. As previously announced there are three new Webex data centers in Canada that perform Webex functions and secure your valuable information. The Vancouver data center provides Webex calling features with compliance to Canada’s federal PIPEDA (Personal Information Protection and Electronic Documents Act) legislation, and the data centers in Toronto and Montreal are now live and available for Webex customers who want to host the full Webex Meetings stack in-country.
By utilizing a local Canadian data center for Webex, you have compliance to local and regional Canadian regulations including keeping all your meetings sessions and storage in Canada. User generated content, such as files and recordings, and troubleshooting data will be processed and stored in Canada. With multiple data centers, Webex provides redundancy and resiliency of your data. Webex further supports our customers in the public sectors in British Columbia, Nova Scotia, and Quebec, as well as those in the healthcare and financial sectors through adherence to local regulations.
The Data Sovereignty act requires notification to consumers if personal data is stored outside of the country. PIPEDA requires a user’s consent before using or collecting personal information. FIPPA requires information to be stored in Canada.
BC law through Bill 52 amended FIPPA, the Freedom of Information and Protection of Privacy Act which governs how public bodies in BC collect, store and use personal information. It repeals data sovereignty rules, now allowing public sector organizations to disclose, store and allow access to personal information outside of Canada, and it requires organizations to develop a privacy management program and disclose privacy breaches.
Quebec Bill 64 amended requires private organizations, before transferring personal information outside of the province of Quebec, to conduct data privacy assessments and enact appropriate contractual safeguards.
Nova Scotia data residency requirements. The NS government complies with PIIDPA, the Personal Information International Disclosure Protection Act. This Act provides additional protection to the personal information held by Nova Scotia “public bodies” and municipalities when that personal information is being collected, used or disclosed by those organizations. This act requires the Government of Nova Scotia and its service providers to store, access and disclose personal information within Canada (with a few exceptions).
Building on the commitment to provide full transparency, Cisco also provides privacy data sheets for all products within the Webex family. Privacy data sheets describe the processing of personal data (or personal identifiable information) by Webex. The meetings data sheet can be found at Cisco Webex Meetings Privacy Data Sheet – Cisco. Additionally, we build all products in accordance with the Cisco Secure Development Lifecycle (SDL), which includes privacy impact assessments, proactive penetration testing, and threat modeling. Cisco’s Security and Trust organization oversees security and privacy for Webex, and publicly discloses security vulnerabilities. The Cisco privacy program has been validated by independent third parties, including the EU (European Union) privacy regulators and TrustArc.
Cisco is a trusted member of The Cloud Security Alliance. This alliance contains The Security, Trust, Assurance, and Risk (STAR) Registry, a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. Publishing to the registry allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to.
Cisco is making our Cloud Controls Framework (CCF) public. The Cisco CCF is a rationalized framework with comprehensive control requirements taken from numerous, globally accepted, security compliance frameworks and certifications. It provides a structured, “build-once-use-many” approach for achieving multiple regional and international certifications, enabling market access and scalability, as well as easing compliance strain.
If you are a current Webex customer in Canada, you will be asked to migrate your data to the local data centers. Webex support will help you make the transition, so you know where your data is located and where your cloud services are performed. Migration is usually performed during your regular maintenance window, which should minimize any disruption and not require additional effort from you. Current Webex customers in Canada will receive a notice about your migration process. If you wish not to migrate at this time, you can choose to opt out.
If you are not a current Webex customer, you are welcome to convert your communication services to Webex and our Canada data centers. Please contact our sales office to get started or answer your questions. Webex Sales office