Re: Security Concerns
Yes. That was my point. Analyzing and weighting individual threats is, at best, an exercise in masochism after you've abrogated internal data oversight and controls.
Ignoring technical risks and legislative tricks, you're a passenger on someone else's policy train the moment you entrust your data to anyone else. You not only have zero input in their policies, threat assessments and risk management techniques, you don't even have the right to know anything about those elements. The moment you pay that first invoice you have given your approval of whatever it is they choose to do internally. Retroactive responses via the courts are your only remaining option and retroactive responses and security can't coexist.