Does the US have jurisdiction over the whole world?
lists at internetpolicyagency.com
Sun Nov 27 14:37:22 GMT 2011
In article <4ED235F0.2040403 at zen.co.uk>, Peter Fairbrother
<zenadsl6186 at zen.co.uk> writes
>> You seem to be wanting a degree of micro-management of the supplier
>>(and their subcontractors etc) far in excess of a normal contractual
>Yes, indeed I do.
>I have a legal duty to ensure the supplier of data processing services
>is competent, honest and responsible - he is after all in possession of
>something I am responsible for.
Do you do the same for your accountants and bankers? Lots of your money
and personal data (self and employees) in their possession. Or do you
trust them to act lawfully, given that they clearly understand their
responsibilities (as would the people offering one of these specialist
>>> The duty on a data controller must surely include a requirement to
>>>check whether the parties are at least outwardly law-abiding and
>>>responsible - otherwise a data controller could store data at
>>>Crooks-and-Spammers Ltd without penalty.
>> And you do that outward check by dealing with a reputable company
>>offering a "local cloud" that you can reasonably expect to be law
>>abiding in this respect (and imposing suitable controls on their chain
>That might work - but I've never come across such a beast.
I'm assured there are a range of cloud services available, including the
type I described.
>Hmmm, "imposing suitable controls on their chain of supply" sounds very
>much like "a degree of micro-management of the supplier (and their
>subcontractors etc) far in excess of a normal contractual relationship".
Their suppliers are one stage removed compared to yourself. So while
they should be expected to check out the people they rent rackspace
from, you shouldn't need to. Similarly, while the people they rent
rackspace from should vet their cleaners, they (or you) shouldn't need
to, and so on.
>I meant that if the data has to stay in the EU, in most situations it
>also has to be protected as personal data, ie follow the principles etc.
Yes, that's why I'm saying a cloud that stays in the EU should be
automatically protected because of the harmonisation of DP law.