No organisation should place any sensitive personal data in a cloud service without understanding the implications for regulatory compliance. It’s easier said than done, however. The whole point of cloud computing is that you shouldn’t have to worry where the data is held. Unfortunately, legal requirements demand otherwise.
The ideal solution is for Cloud computing vendors to deliver appropriate assurances to customers. But so far there’s little indication of this. And working out what legislation applies in each country can be a difficult task for customers, especially as it’s a moving target.
One source that will help is Forrester Research’s privacy ‘heat map‘ which provides high level information on the data protection and privacy across a range of countries. It’s a useful starting point for anyone contemplating offshore services.