The Office of the Comptroller of the Currency (OCC) announced on August 6 that it had issued an $80 million civil penalty against Capital One, N.A., and Capital One Bank (USA), N.A.

The OCC cited noncompliance with 12 C.F.R. Part 30, Appendix B, “Interagency Guidelines Establishing Information Security
Standards.” Similar versions of these standards apply

Over the last two years more and more clients have requested that we assist them with moving some or all of their business to the “cloud.” Some of these clients want to use a service that would result in sensitive information being stored on the servers of a third party service provider, such as web-based email, Salesforce.com, Google Docs. As much as each of these businesses have heavily debated the pros and cons of moving to the cloud, rarely do they consider where the cloud is physically located. However, businesses do not always consider that the information that is stored in a cloud-based service may be physically located on servers not situated in the United States. Having your business information located in a foreign country can easily (very, very easily) lead to loss, unauthorized private and governmental access and the tripping of the myriad of existing laws, rules and regulations.
Continue Reading Moving to the Cloud: Making Sure You Know the Location of the Cloud