(no title)
figgis | 7 years ago
You are still processing that data. Part of processing that data involves you shipping it off...
> What if the code that forwards that data is written by another company and I'm just hosting it on my site? Everything goes through their code and I'm paid to just setup a website to host their code.
You are as responsible, if not more, in making sure that compliance is met. You are the one hosting the code. The data is moving through your servers.
> Maybe I do collect info in CA but I sell the data for $1, but the company also buys some consulting services for the actual price of that data that I'm selling them?
That's just being a jerk. But better hope you don't pass the 50k mark...
Novashi|7 years ago
>The data is moving through your servers.
So if a random company gets breached, everyone involved from cloud providers to ISPs are also responsible because they facilitated moving and storing the data and they are just hosting code?
This is problematic. Cloud providers give you permission to publish code. I could position myself to allow another company to publish code on my popular website to collect data and my role is basically no different than a cloud provider. We don't have to agree that is what it's specifically for, I just need to give them access to upload their own code for whatever expensive fee.
figgis|7 years ago
ISP's aren't (supposed to be) "storing" that data. They are transferring bits between computers. You on the other hand are hosting a website with some sort of form that people input PII into. You are accepting that PII, whether or not it gets forwarded or not is irrelevant. You are processing it. So do your due diligence, contact your users and let them know what is going on, and speak with a lawyer for more information.