Nadrek (3/20/2014)
PHYData DBA (3/20/2014)
In the last ten years I Have had the pleasure to work.With at least four different offshores that demanded real copies of databases to use in the development of their product.
Three of them ended up having to admit that they sold some or all of this data.
The forth pointed out that this would be a possibility that they would not be liable for in their contracts up front.
Do you have any links to public documents on this, preferably court cases or news articles? This would be an amazing cautionary tale for what can happen when you send data to outside/out of country vendors.
The Congressional Hearings about Targets Breach is the only start at any public forum mentioning this -
http://www.huffingtonpost.com/adam-levin/target-hearing-highlights_b_4733596.html
There are two reasons for a total lack of public record on these data breeches from third parties:
1 - All the major offshore Countries have no law of any kind requiring any private party to report data breaches of any nature.
Even If all the data your offshore vendor had access to walked out the building every day via employee thumb drives and was sold seconds later, they never have to report it ever. If they do, most contracts have a binding arbitration agreement about "data loss" that will keep it out of public record.
2 - 90% of the legal battles over this are settled either out of court or via a binding arbitration agreement. Both of these have no public record.
That is why it is so important to "corrupt" data you send out to third party's.