I have a client extremely upset about storing information in a secure folder with SYNC.com and it being in the cloud without their express permission. I have moved it to my desktop and will hardcopy everything to my filing cabinet.
Thoughts and suggestions about secure Canada based cloud storage.
Thanks
I believe SYNC meets your needs. Ask them to confirm.
Yes, I use Sync also, simply because it is a Canadian company and none of the information is shared with the US where back doors exist to provide data to gov’t agencies (FBI, etc) without the clients or our express consent. For instance, here is the Transparency Report for Dropbox, where from Jan to June, 2021, 19.7% of the search warrants received were accompanied by court orders for non-disclosure of indefinite duration.
Dropbox Reports: Reports - Dropbox
Most of my files are shared via e-Courier.com, also because it’s Canadian and because Expiry Dates can be set up to one year. “When the lifetime has expired, if all recipients have completed the e‑Package, its files (if any) are e‑Shredded. If however the sender is a subscriber and one or more recipients have not completed it, it is returned to the sender unless it was sent more than one year ago.”
Back doors are not required in the US. They have the Patriot Act and can walk in the front door. Companies may not refuse a FISA warrant.
But that is also little consolation when even Canada > Canada data transfers MAY occur across US nodes and termini (think Hurricane Electric which Shaw uses all the time). Data crosses the border without you even knowing.
The appropriate measure would be to state how and where you store your data, the security methods involved in keeping it safe (eg bitlocker on local machines, encrypted storage and encrypted servers in the cloud, VPNs etc) in a general way, and let the clients decide whether that meets their needs. If not…they can go somewhere else where people still do taxes with paper and pens. Good luck with that.
Doesn’t the CRA keep all of their information in the cloud? Just because the client may not have a CRA My Account doesn’t mean their income tax data is stored on a CRA server that is not in any way connected to the internet.
It’s kind of an odd thing about people’s concern with privacy and confidentiality. Most people in Canada have a bank account. That account involves a fiduciary contract between the account holder and their bank. Could you imagine a world where a government could just step in and order private accounts be frozen. 
Exactly As stated by @snoplowguy. Everything is in cloud and is no more up to an individual. Privacy and confidentiality are things of the past. I inform my new clients about it. My only concern is security of the data and how to minimize the risk of it being compromised by the wrong people.
My understanding about sync.com is that it is encrypted when downloading and uploading, unlike other services like Dropbox and being in Canada checks off everything we need.
I do ask permission to share documents on sync before doing so.
I am switching to a NAS (Network Attached Storage) system for all my tax and accounting files. It has built in storage redundant back up and allows access from anywhere in the world as long as I have an internet connection. This is cheaper and more efficient. An 8TB system completely set up will cost under $1500. It will 4x2TB hard drives, of which 2 drive act as redundant back ups. Oh and all the equipment is no bigger than small home office size printer and will be held in my offices.
I have used a Synology NAS since about 2005. It’s a terrific system. Easy to access, relatively easy to setup, highly configurable, and built-in backup software. I have a new system at the office and an older one at home. I’ve been trying to setup the remote backup to my home system but haven’t succeeded in that one yet. I have a 2TB drive and have plenty of available room.
That’s awesome Kevin. The Synology NAS system system is exactly what I am getting. Question for you. Why do you have a different system at home vs. the office?
My original box was a few years old. There was a sale on the newer model. I wanted to get an off-site backup at home and have a home NAS for movies, photos, and other family files. Everything’s worked except the off-site backup (what I really need/want). It’s a summer project (but hopefully not one that extends to the fall).
totally makes sense
So the problem with a NAS, vs “versioned” backup…is ransomeware.
Once connected, your NAS or dropbox (or OneDrive) will also be encrypted. Versioned backups will not be, unless a deeper penetration has been made.
So the question I have now, do I have to make my clients aware of how and where I store their information to make sure I have it for CRA? Do I simplify and keep a paper copy of each T183, Auth a Rep, etc. And not worry about other info I have collected?
I also have a Synology NAS that I purchased maybe around 2015. Most of my files are on the NAS which gets backed up to the cloud every night. I also use a service called Netdrive (formerly Bdrive) which essentially mounts the NAS as a local drive from anywhere in the world.
Essentially, when I turn on my notebook or the cottage computer and double click on my drive Z within windows explorer the NAS opens with a SSL connection. Other than a slight lag sometimes you can’t tell the drive isn’t a local drive. If I have software installed on the NAS it will run remotely as if the software was actually installed on the local machine.
I find it works pretty slick.
Interesting. I have a Synology NAS my IT guy put in a few years ago and it stopped liking to my computers last year some time. Now it is mostly a desk ornament. Wish I knew how to make it work.
Pat Gamborg
PAT’s OFFICE
1354 Fed Road
Bear River NS B0S 1B0
902-467-3358
A NAS is just a dumb network device. If you can “see” it on the network there is no reason it shouldn’t work. IF it’s stopped linking to the network one of a number of things has happened:
One way or another reconnecting it should be a relatively trivial exercise unless it’s the first one above. Assume you have turned the device off, left it for a few minutes and turned it back on.