I'm reminded of the breach reported by Britain's National Health Service in 2014 (http://www.theguardian.com/society/2014/mar/03/nhs-england-p...), where data was uploaded to make use of Google's big-data sifting technologies in violation of NHS policy about secured storage of British citizenry PII.
The irony that the data had been uploaded to a physically secured, encrypted datacenter network from 27 DVDs in the possession of someone who could do whatever they wanted to with the contents of those DVDs without audit was not lost on me.
I don't reference this to imply it was good and proper use of the data; merely to note the difference between policy security and actual security.
That's not cynical at all, and the reason why Amazon is currently working on building DoD approved data centers (Not sure if it was in mainstream news... I saw it when I was browsing job listings)
The irony that the data had been uploaded to a physically secured, encrypted datacenter network from 27 DVDs in the possession of someone who could do whatever they wanted to with the contents of those DVDs without audit was not lost on me.
I don't reference this to imply it was good and proper use of the data; merely to note the difference between policy security and actual security.