For managing partners and operations managers at BC law firms
Managed IT Services for Law Firms in British Columbia
We run IT for law firms across BC: the help desk, the security, and a Microsoft 365 setup that keeps client matters confidential and your data resident in Canada. Most firms start with a fixed-price move off Gmail or consumer email, then stay with us month to month. No long-term contract, an 11-minute average response time, and a senior tech on your account from day one. We are not lawyers, and this is not legal advice. It is IT built for how a firm has to handle client data.
- 81+ Google reviews
- ~15-minute response time
- No contracts, month to month
- Microsoft Partner
The quiet gap in a lot of small-firm setups
A consumer Gmail account or an unmanaged Google setup can work fine day to day. The problem is what it leaves out. There may be no data processing agreement, no MFA enforced on every account, no control over which country the data sits in, and no record of who opened what.
Under BC PIPA and federal PIPEDA, your firm is responsible for client information no matter where it ends up. A setup with no enforced access controls and no logging may create exposure that is worth reviewing.
Google Workspace can be configured to meet these obligations. The risk usually comes from consumer accounts or a setup nobody has locked down, not from the brand on the inbox.
Most owners we talk to are not sure where matter files sit today, whether a former employee still has access, or what their email even keeps a record of. We would rather sort that out now than after a breach or a complaint.
What PIPA and PIPEDA actually say about where your client data lives
You may have heard that storing client data on US servers, or using Google, breaks Canadian privacy law. That is not quite right, and the real picture is more useful to know. We are an IT company, not a law firm, so read this as plain background, not legal advice.
-
The myth: US servers are illegal under Canadian privacy law
Neither BC PIPA, the private-sector law your firm falls under, nor the federal PIPEDA requires personal information to stay in Canada. Storing or processing data on US servers is allowed, as long as you handle it with care. The keep-it-in-Canada rule people remember came from FIPPA, which governs public bodies and not private law firms, and even that requirement was relaxed in 2021.
-
What the law actually asks of you
PIPA's security rule and PIPEDA's accountability principle ask for three things: security that fits how sensitive the data is, staying responsible for any provider you hand data to (with a contract that gives comparable protection), and being open with clients that their data may be processed outside Canada and reachable by foreign authorities. It is about control and care, not a postal code.
-
Where the real risk is for a law firm
Your stronger duty comes from the Law Society of BC. Rule 3.3-1 says you must hold client information in strict confidence, and the Law Society's cloud guidance expects you to do, and write down, real due diligence: where the data sits, who can access it, which laws apply (the guidance names the US CLOUD Act), whether it is encrypted, and whether you told the client. Two things matter most. A free consumer Gmail account does not clear that bar, because there is no data-processing agreement, no admin controls, no audit trail, and the firm does not even own the account. And the US CLOUD Act lets a US-based provider be ordered to hand over data no matter where it is stored, which is a privilege risk a contract cannot fully remove.
-
Why we usually move firms to Microsoft 365
Microsoft runs Canadian data centres in Toronto and Quebec City and offers a written commitment to keep core Microsoft 365 data at rest in Canada. Google Workspace does not offer a Canada option for this; its choices are the US or Europe. Microsoft 365 with Canadian residency, a signed data-processing agreement, encryption, and proper access controls gives you a simple, defensible answer to every due-diligence question. One honest caveat: because both Microsoft and Google are US companies, the CLOUD Act can still reach data either way, so Canadian residency lowers the risk, it does not erase it.
-
The bottom line
It is not against the law to use Google. But as a firm you should be able to say, in one sentence, where your client data lives, who can compel access to it, and whether you have a contract and a record showing you checked. A Canadian-resident Microsoft 365 setup, configured properly, makes that sentence easy to say.
We are an IT company, not a law firm. This is general information to help you ask better questions, not legal advice. For how these rules apply to your practice, check with your own counsel or the Law Society of BC. Confirm sources and figures before you rely on them. [[verify]]
Sources
- OPC Canada, Guidelines for processing personal data across borders
- PIPEDA, Schedule 1 (Accountability principle), federal statute
- BC PIPA, s. 34 (security), provincial statute
- BLG, Changes to BC public-sector privacy law (FIPPA, Bill 22, 2021)
- Law Society of BC, Cloud computing due diligence guidelines
- Law Society of BC, Cloud computing checklist v4.0
- Microsoft 365 Advanced Data Residency (Canada)
- Google Workspace data regions (US/EU options)
What makes us different
A setup built for client confidentiality
Microsoft 365 with Canadian data residency, MFA enforced on every account, encryption at rest and in transit, and audit logging so you can see who accessed what. [[verify]] standard build inclusions. Configured for a law firm's duty to protect client information, not a generic office rollout.
Written policies, not just settings
Our policy program covers about 178 written policies: acceptable use, passwords, incident response, backup and recovery, business continuity, onboarding, and offboarding. [[verify]] Our security lead is a former IDF security officer. When a client leaves or a partner asks how data is handled, you have it in writing.
No long-term contracts
Month-to-month only. If we stop earning it, you leave. That keeps the pressure on us to reduce your risk and your tickets, so we are not just collecting a retainer. We also take 30 percent off all projects and labour, so we are paid to prevent problems, not to bill them.
No junior techs on your account
The senior tech who plans your work is the one who does it. Law firms run on confidentiality, so you are not handing your data to a rotating cast of trainees. There is no onboarding fee to get started.
An 11-minute average response time
When something looks wrong, a lost device or an account that may be compromised, you reach a senior tech fast. Our average response time is 11 minutes. Over 14 years we have kept 95 percent of our clients. [[verify]]
We sit with leadership every quarter
Quarterly reviews where we look at where your data sits, what changed, and what to tighten next. We keep client lists private on purpose, which cuts down on impersonation aimed at the firms we protect. Firms see about an 80% drop in tickets after three months. [[verify]]
Most firms start with a white-glove move to Microsoft 365
The move off Google or consumer email is where we usually begin, then we run it from there. We set up a properly configured Microsoft 365 with Canadian data residency and the access controls a law firm needs. Four to six hours of labour, with a no-downtime guarantee. Your inboxes, calendars, and files come across without a gap in service, and we are on site on cutover day. Most firms land between $1,500 and $5,000 depending on size, and we tell you the exact number before you commit.
- Setup, demo, and a revision pass before anything goes live
- Full migration of every mailbox with nothing lost
- Canadian data residency, enforced MFA, encryption, and audit logging
- Deployment to every machine and device in the office
- Staff training so the firm knows the new setup on day one
- On-site presence on cutover day
- 30% discount on all project and labour work, including this move
Results you can measure
Where Does Your Client Data Actually Live? A 15-Minute Self-Check for BC Law Firms on Email and Cloud Setup
Start with a look at your current setup
We will walk through your current setup: where matter files sit, who can open them, and what gets logged. If your setup is solid, we will tell you. If there are gaps worth closing, we will show you what a compliant Microsoft 365 move would cost and cover. No contract, no pressure, and no legal advice. Just a clear picture before you need one. We are based in Burnaby and work with firms across BC.