Is Your Donor Data Safe? What You Need to Know About Cloud Storage and Compliance 

 Written by Erin Boyce: Data and Digital Director

Canadian charities often store sensitive donor information in databases, and many of these databases are cloud-based. But not all cloud systems store this data on Canadian servers. So, do you know where your donor data is being stored? 

What Is the Cloud? 

The “cloud” means storing data on remote servers that can be accessed through the internet. Cloud computing helps Canadian charities by making it easier and cheaper to store and access data. But it also raises some important questions about privacy and security. The location of your data can affect how well your organization follows privacy laws. Many popular cloud services store data on U.S. servers, which can create problems for Canadian charities. 

What Are the Data Storage Requirements for Canadian Charities? 

Canada’s privacy laws don’t stop charities from using cloud storage outside the country, but the Canada Revenue Agency (CRA) has rules about where certain records should be stored. 

Canadian charities have specific responsibilities under the Income Tax Act (ITA) regarding where and how they keep their data and records: 

• Physical Records: Charities must keep physical records (like books and receipts) at an address in Canada. 

• Digital Records: Some digital records need to be kept on Canadian servers or copied to Canadian servers. 

• What Records Need to Be Kept? 

• Information that helps the CRA determine whether a charity should keep its registration. 

• A copy of each receipt for donations. 

• Information to verify donations used for tax deductions or credits. 

How Can Your Organization Comply with the Income Tax Act? 

To stay compliant with the Income Tax Act, Canadian charities that use cloud services with servers outside Canada should: 

1. Back Up Records Regularly: Make sure to back up all important digital records to a server or hard drive in Canada. 

1. Keep Physical Copies of Important Documents: Even though digital records are important, it’s still necessary to store physical copies of some key documents in Canada. 

1. Consider Using Canadian Cloud Services: It might be easier to use cloud providers that store data on Canadian servers. This can simplify compliance. 

What Are the Privacy Concerns for Canadian Charities? 

Many cloud services are based in the U.S. This can raise concerns about privacy. It's safer to avoid using U.S.-based cloud storage for personal data because your data may be subject to privacy laws like the Patriot Act and other American laws. 

How Does This Affect Your Donor Data Management? 

Here are some ways your charity can better protect donor data and follow the rules: 

1. Back Up Data Locally: Always back up your data to a server or hard drive in Canada. 

1. Ensure Compliance with Canadian Privacy Laws: Make sure your cloud-based donor database follows Canadian privacy laws like PIPA (Personal Information Protection Act), PIPEDA (Personal Information Protection and Electronic Documents Act), or GDPR (General Data Protection Regulation) if applicable. 

1. Stay Updated: Keep learning about privacy laws that affect Canadian charities. 

1. Choose Canadian Servers: Consider using donor database providers that store data on Canadian servers to reduce risks. 

1. Get Expert Help: Reach out to organizations like the Fundraising Lab for advice on managing donor data and choosing the right database system. 

Additional Resources 

For more information, check out these resources: 

• Canada Revenue Agency (CRA): Guidelines on books and records for charities. 

• Office of the Privacy Commissioner of Canada: Information on privacy laws and standards. 

• Fundraising Lab: Expert advice on donor data management. 

By following these steps, Canadian charities can better protect sensitive donor data, meet legal requirements, and build trust with their donors. 

If you’d like support with your database, book a call today to ensure your donor data is as secure as possible.