A web host receives requests to access your data and has the power to ignore it. They should however, do the opposite when the request is from a country outside the Privacy Shield. But information should only be sent to countries that have laws to protect the private information.
Law enforcement agencies also have the authority to view your information. Chances of the FBI coming in and demanding possession of your servers is very real. To avoid tangling with the law enforcement agencies you should communicate with them openly. Developing a relationship with an FBI liaison before the problem arises is recommended. The FBI liaison should be invited for a tour of the business and briefed on all activities and operations. The Office of Foreign Access Control which is a part of the United States Department of Treasury administers and enforces trade sanctions keeping national security in mind. Web hosting companies should be familiar with this organization and its personnel.
The web hosting companies should also be fully aware of all their customers and the organizations that are involved in their businesses. For example, a healthcare company must be in compliance with HIPAA which is regulated by the Department of Health and Human Services. Such companies are under Federal Trade Commission’s watchful eye.
(Additional Reading: Cloud Hosting; What Is It Really?)
How Should Law Enforcement Be Handled by Web Hosts?
The web hosting company’s team should know that their firm is not being targeted by the law enforcement authorities. They should be trained in handling information requests before such an event takes place. A process should be developed for when the company is subpoenaed. The case could be a civil one or a criminal one. It is important to respond well to the law enforcement’s inquiries but it is not necessary to be compliant. The employees should be informed on illegal requests which only disrupt operations.
How Can a Hosting Company Recoup Costs?
A web host can charge the law enforcement authorities for the time they lost dealing with the information request. The process is lengthy but it is workable. For that the company need a clause in your Terms of Service that allows them to charge the costs of civil and law enforcement compliance.
It is the job of law enforcement agencies to enforce regulations therefore it is better to help the organizations like the FBI do their jobs.
— ChinaHoster (@chinahoster) 10 de febrero de 2017