Re: OK, let me get this straight..
(responding to two separate posts)
Our organisation outsourced to MS - specifically because their servers are inside the EU.
Ah, but you're now hitting issue no 2: legal leverage. If you use services from a company with a US HQ, then the US deems your data to be within reach - that's what the whole fight with Ireland is about, which AFAIK still hasn't settled, because US law says it can, and MS knows full well that all hell will break loose when that is finally confirmed with no further route of escalation (because it's a simple, straightforward application of law with very little room for creative re-interpretation). That's also why that one gets so many amicus briefings: it is legally flat out impossible for *ANY* US based service provider to protect your privacy to EU requirements, and they really, REALLY don't want that to be displayed and simplified by case law. I give this at best another year.
What you're saying is that your management values cost cutting over the privacy of its customers. Fair enough, that's a business decision that may work as long as you're honest about it with your customers, and don't try to hide it like VirginMedia was, pretending it wasn't simply relabelling Gmail; and it's still a shade better than MessageLabs, who pretend to be all EU but usually have the same US based host in the backup MX records at IP address 18.104.22.168. It's camouflaged from casual discovery, but not hard to discover for anyone familiar with how email works and with access to a Linux, BSD or OSX command line.
_ALL_ email is the equivalent of being written on a postcard, even if the client-server and server-server transactions are encrypted (which is increasingly the norm now, but was rare 15 years ago).
This was drummed into everybody using the Internet 25+ years ago. It's only since the telco-based 900-pound gorilla ISPs moved in and started marketing everything as "easy" that this truism has been forgotten.
First of all, if you can guarantee an encrypted transfer path you don't have cleartext - this is where most email falls down because a sender normally doesn't have control over the MTA-to-MTA part of the process.
The only way to ensure privacy is to encrypt your messages _before_ sending them and keep them encrypted. Decryption is for display, not storage.
That has problems too, because you're still disclosing metadata. Secondly, I have yet to see a key handling system that was user friendly and doesn't involve someone spending entire days handling certs, key generation etc. *That's* why stuff like PGP didn't take off.
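The backup-MX point above (a provider that advertises EU hosting but lists a host elsewhere as a lower-preference MX) is something you can audit yourself. The script below is an added example, not code from anyone in this thread: it parses the kind of output `dig +short MX` produces, separates primary from backup MX hosts, and flags any MX address that falls outside the networks you were told your mail lives in. The MX answer, the A records and the allowed networks are all constructed placeholders (RFC 5737 documentation ranges) so it runs offline; in practice you would substitute real DNS answers for your own domain and the provider's published address ranges.

```python
"""Audit a domain's full MX set (primaries *and* backups) against the
networks the mail provider claims to host you in.

Added example for this thread; all DNS data below is constructed so the
check runs offline.  Replace MX_ANSWER / A_RECORDS with real lookups and
ALLOWED_NETWORKS with your provider's published ranges.
"""
import ipaddress
import re

# Constructed: roughly what `dig +short MX example.test` would print.
# Lower preference value = tried first; higher values are backups.
MX_ANSWER = """\
10 mx1.example.test.
20 mx2.example.test.
50 backup.mailguard.test.
"""

# Constructed: A records for the MX hosts above (what `dig +short A host`
# would return).  Addresses are documentation ranges, not real hosts.
A_RECORDS = {
    "mx1.example.test": ["192.0.2.10"],
    "mx2.example.test": ["192.0.2.11"],
    "backup.mailguard.test": ["203.0.113.25"],
}

# Constructed: the networks the provider says your mail is handled from.
ALLOWED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# "<preference> <hostname>[.]" with an optional trailing root dot
MX_LINE = re.compile(r"^\s*(\d+)\s+(\S+?)\.?\s*$")


def parse_mx(answer):
    """Return [(preference, host)] sorted by preference, lowest first."""
    records = []
    for line in answer.splitlines():
        m = MX_LINE.match(line)
        if not m:
            continue  # ignore blank lines or anything that is not an MX line
        records.append((int(m.group(1)), m.group(2).lower()))
    return sorted(records)


def classify(records):
    """Split MX hosts into primaries (lowest preference) and backups."""
    if not records:
        return [], []
    best = records[0][0]
    primaries = [host for pref, host in records if pref == best]
    backups = [host for pref, host in records if pref != best]
    return primaries, backups


def audit(answer=MX_ANSWER, a_records=A_RECORDS, allowed=ALLOWED_NETWORKS):
    """Return (host, ip, role) for every MX address outside the allowed
    networks.  Backups are the ones most often overlooked, so the role is
    reported alongside the address."""
    records = parse_mx(answer)
    primaries, _backups = classify(records)
    findings = []
    for _pref, host in records:
        role = "primary" if host in primaries else "backup"
        for ip in a_records.get(host, []):
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in allowed):
                findings.append((host, ip, role))
    return findings


if __name__ == "__main__":
    for host, ip, role in audit():
        print(f"{role:8} {host:28} {ip}  <- outside allowed networks")
```

The check deliberately treats every MX record as in scope, not just the preferred one: mail is delivered to whichever MX accepts it, so a backup host in a different jurisdiction is as much a disclosure path as the primary.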