Would you give your data to this company?
Acme Inc, Privacy Policy
We will share personal information with companies, organizations or individuals outside of Acme, Inc. if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Service, blah blah
- blah blah
Acme, Inc, Location
Acme, Inc. is incorporated in the People’s Republic of China and is governed by the laws of this country.
How about this company?
Acme Inc, Privacy Policy
We will share personal information with companies, organizations or individuals outside of Acme, Inc. if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Service, blah blah
- blah blah
Acme, Inc, Location
Acme, Inc. is incorporated in the United States of America and is governed by the laws of this country.
More and more businesses are becoming services businesses who, as part of standard operations, keep sensitive data belonging to customers. Customers, rightfully, scrutinize the “trust stack” of these service providers. What suppliers do they rely on? Are the suppliers trusted? For example, does my service provider use an IaaS like AWS and what does that mean to me?
At the bottom of this trust stack is the country of operations. What laws govern my service provider? It doesn’t matter how much I trust my service provider if I cannot trust the government of the country in which it operates.
What does it mean to American service providers that the government of USA, as a matter of standard business practices, acquire all data held by service providers? How can the service provider offer any guarantee to its customers that this data won’t fall in the wrong hands?