I just want to make sure I understand that answer correctly. I apologize; I'm not trying to lay out a trap or anything. This is just to try to get a better understanding of this, with data transiting all over the place. That's part of the objective of this study.
Let's say a bank has an agreement with a credit card company and that credit card company is in the United States. We'll assume that the majority of them operate primarily in the States. If their servers are there, per the agreement you have with them, you would then respect your obligations under Canadian law for the bank if something happened in another jurisdiction relating to the credit card company that affected Canadian clients.