Does the US have juristriction over the whole world?
David Goodenough
david.goodenough at btconnect.com
Sun Nov 27 15:45:37 GMT 2011
On Sunday 27 Nov 2011, Roland Perry wrote:
> In article <4ED235F0.2040403 at zen.co.uk>, Peter Fairbrother
> <zenadsl6186 at zen.co.uk> writes
>
> >> You seem to be wanting a degree of micro-management of the supplier
> >>
> >>(and their subcontractors etc) far in excess of a normal contractual
> >>relationship
> >
> >Yes, indeed I do.
> >
> >I have a legal duty to ensure the supplier of data processing services
> >is competent, honest and responsible - he is after all in possession of
> >something I am responsible for.
>
> Do you do the same for your accountants and bankers? Lots of your money
Both Accountants and Bankers are regulated by UK based standards bodies
if they operate in this country, I therefore expect them to operate in a way
that in consistent with UK law.
There is no such regulatuory body for Cloud operators, either nationally
or internationally.
David
> and personal data (self and employees) in their possession. Or do you
> trust them to act lawfully, given that they clearly understand their
> responsibilities (as would the people offering one of these specialist
> clouds).
>
> >>> The duty on a data controller must surely include a requirement to
> >>>
> >>>check whether the parties are at least outwardly law-abiding and
> >>>responsible - otherwise a data controller could store data at
> >>>Crooks-and-Spammers Ltd without penalty.
> >>>
> >> And you do that outwardly check by dealing with a reputable company
> >>
> >>offering a "local cloud" that you can reasonably expect to be law
> >>abiding in this respect (and imposing suitable controls on their chain
> >>of supply).
> >
> >That might work - but I've never come across such a beast.
>
> I'm assured there are a range of cloud services available, including the
> type I described.
>
> >Hmmm, "imposing suitable controls on their chain of supply" sounds very
> >much like "a degree of micro-management of the supplier (and their
> >subcontractors etc) far in excess of a normal contractual relationship".
>
> Their suppliers are one stage removed compared to yourself. So while
> they should be expected to check out the people they rent rackspace
> from, you shouldn't need to. Similarly, while the people they rent
> rackspace from should vet their cleaners, they (or you) shouldn't need
> to, and so on.
>
> >I meant that if the data has to stay in the EU, in most situations it
> >also has to protected as personal data, ie follow the principles etc.
>
> Yes, that's why I'm saying a cloud that stays in the EU should be
> automatically protected because of the harmonisation of DP law.
More information about the ukcrypto
mailing list