When users store their data with programs hosted on someone else’s hardware, they lose a degree of control over their sensitive information. The responsibility for protecting that information from hackers, internal breaches, and subpoenas then falls into the hands of the hosting company rather than the individual user. This can have many possible adverse consequences for users.
The location of the host’s operations can significantly impact a user’s rights under the law. The location of the records might not be disclosed in the terms of service or might be changed without notice. This could have substantial legal consequences.
Government investigators or civil litigants trying to subpoena information could approach the hosting company without informing the data’s owners. The hosting company generally does not have the same motivation as the user to defend against disclosure of the information.
Some companies could even willingly share sensitive data with marketing firms. So there is a privacy risk in putting your data in someone else’s hands. Obviously, the safest approach is to maintain your data under your own control.
There is also a risk that the host might shut down its operations, declare bankruptcy, or sell the business to another provider. What might happen to your data if that were to happen?
One of the problems with cloud computing is that technology is frequently light years ahead of the law. There are many questions that need to be answered. Does the user or the hosting company own the data? Can the host deny a user access to their own data? And, most importantly from a privacy standpoint, how does the host protect the user’s data?