Leading U.S. telecommunications providers may have given a U.S. intelligence agency millions of phone records. Multinational businesses should re-examine the risks of using service providers in the United States.
Recommendations for businesses with international operations
* Ensure that you have a clear understanding of the data interception practices in any country where you do business, and of any service provider you are considering using.
* Determine whether alternative hosting locations are available for EU or Canadian personal data or e-mail, Internet traffic and other communications. Prepare contingency plans for moving such data to alternative locations if it becomes necessary due to regulatory or customer demands.
* Have your legal counsel prepare detailed questions for your service providers, so that you clearly understand how these providers respond to requests from law enforcement agencies and other government bodies — in the U.S. and other countries — for access to, or interception of, personal data.
* Require that all service providers notify you as soon as possible when an interception request has been received.
* Negotiate clauses in all service provider contracts that allow for early termination without penalty if you believe inappropriate access has occurred.
http://www.gartner.com/DisplayDocument?doc_cd=140804&ref=g_homelink