[fixermark]

I'm reminded of the breach reported by Britain's National Health Service in 2014 (http://www.theguardian.com/society/2014/mar/03/nhs-england-p...), where data was uploaded to make use of Google's big-data sifting technologies in violation of NHS policy about secured storage of British citizenry PII.

The irony that the data had been uploaded to a physically secured, encrypted datacenter network from 27 DVDs in the possession of someone who could do whatever they wanted to with the contents of those DVDs without audit was not lost on me.

I don't reference this to imply it was good and proper use of the data; merely to note the difference between policy security and actual security.