[spikels]

The terms of these agreements seem pretty arbitrary and probably present a false sense of security. Properly encrypted data in the cloud is completely secure. In fact it should be impossible to tell from random bits.

On the other hand data on an encrypted disk is not exactly the same thing. It must be made available to the OS whenever the user is logged in. Any breach in security say from an email attachment or malicious website would expose its unencrypted contents.

I wonder what the required policy is for backups? Can they be stored on servers if encrypted? Remote servers?