Are your data backup procedures compliant with CBSA requirements?

by Stephen Pyott

Understanding the transportation and logistics industry, Canada Border Services Agency regulations and the Patriot Act as they relate to your data can mean the difference between keeping your trucks on the road or having them parked while you face steep fines and other penalties.

What are the data backup and retention requirements for the logistics industry? In short: ACI and ACE e-manifests must be kept for three years plus one current; CBSA regulations require six years of data retentions to be available upon request; and the Patriot Act requires that your data be stored on Canadian soil.

Is your company compliant? If you answer: “Yes, we’re backed up,” don’t be so sure.

The reason? Many companies mistakenly believe their data is safe and they are compliant because they are paying a third-party vendor to host their infrastructure in the cloud. This is a common mistake. Do not assume that you are in full compliance when your infrastructure is hosted by a third party.

Here’s a common scenario: A logistics company chooses a third-party vendor (such as Telus or Bell) to host their infrastructure and back up their data. They believe the services offered will prevent any data loss and keep them CBSA compliant. Warning: Nothing could be further from the truth.

Over 90% of cloud hosting companies only provide seven days of retention. This includes the large cloud hosting companies like Telus and Bell.  

This means logistics companies who rely on them have only a week’s worth of retention – a clear violation of compliance rules.

My advice? Check with the company hosting your infrastructure and managing your backups. Ask for the cost to keep seven years of your data. Expect it to be significantly more than you are paying now. You have other options that will allow you to remain 100% compliant during a CBSA audit.  

Thinking about doing nothing and crossing your fingers? Remember, without seven years of data retention you run the risk of failing a CBSA audit and incurring steep fines.

Studies reveal that 75% of companies that experience a major data loss will not be in business two years later. Data is vital to business and data loss can be insurmountable. Critical data backups and timely recovery are both necessary for compliance and the ongoing success of your business.

In summary: Backing up your computer system is not enough. You are responsible for seven years of data retention.

And proper data retention is not a given, as most cloud hosting companies only offer seven days.

You require: a full backup every night; the ability to go back 30 days or more; 11 monthly backups; a yearly backup archived for seven years; and compliance with CBSA.

How can you ensure that you are 100% CBSA-compliant at all times? Choose your service provider carefully.

Look for: A company that is compliant with The Patriot Act (data must be stored on Canadian soil); seven years of retention; data is encrypted at all times – at rest and in flight; a company that has a proven track record within the logistics community.

Once you have chosen a service provider that allows you to always remain compliant, you can greet the CBSA with a smile and keep your trucks on the road.

– Stephen Pyott is sales manager for North America with Stage2Data, the data backup and recovery experts with over two decades of experience. Specializing in logistics, Stephen has worked with many companies to ensure their compliance and data security. He will be at the Stage2Data vendor table at ExpoCam April 11-13. Visit for further information.

Have your say

This is a moderated forum. Comments will no longer be published unless they are accompanied by a first and last name and a verifiable email address. (Today's Trucking will not publish or share the email address.) Profane language and content deemed to be libelous, racist, or threatening in nature will not be published under any circumstances.