The USA Patriot Act, enacted in October 2001 by President George Bush, allows law enforcement to access all forms of communication for terrorist activity. In daily life, this means that any personal phone calls, emails, business transactions and virtually any communication could potentially be monitored by the government without the parties’ knowledge. However, what does this mean for cloud data that is not stored in the USA?

In years past, the Safe Harbor Act protected all data within the European Union from being transferred to other countries that do not meet certain standards of privacy. In the legal community, this can cause headaches for collections agencies and vendors who must keep up with these regulations. Recently, though, Gordon Frazer, the managing director of Microsoft UK, admitted that “Microsoft cannot provide…guarantees” that cloud data will be exempt from the USA Patriot Act. He continues, “Neither can any other company.”

Zack Whittaker, a writer for ZDNet covered this long-awaited admission, stating, “While it has been suspected for some time, this is the first time Microsoft, or any other company has given this answer.” So, what does this mean for collections agencies and law firms? Whittaker states, “Any data which is housed, stored or processed by a company, which is a US based company…is vulnerable to interception and inspection by the US authorities.” This could mean a change in policy for collections agencies, as the strength of the Safe Harbor Principle diminishes. In the future, we could see foreign collections regulations slacken as the Patriot Act’s scope continues to spread.