Would you still be making data accessible to an another party? Would that be a party that doesn't already have access to it? I feel as though answering those questions would require some others. For example, I think many hosted webservers store email addresses for non-marketing-email purposes and the webhosting company would technically have some access to those. If the site owner does marketing-email from their existing server, nothing at all may change in terms of who has access to what. If the site owner establishes a relationship with a new marketing email service company, that would increase the parties with access to the email address database.
I felt the need to mention a managed VPS simply because that is one approach for those who can't/won't take care of it themselves. However, it is actually the unmanaged, hardened turnkey VPS approach that I think has greater potential from a data protection POV. I don't think it is truly possible to protect a VPS from its host environment. Even if it were running a fully encrypted filesystem, there would still seem to be at least CPU & RAM vulnerabilities. Still, if someone needed a hosted server and wanted to keep the data it stores as secure as possible, I think this approach could have merit. I think in very many cases the goal is to capture and tie customers to a service that produces recurring revenue rather than sell a product that the customer can run on their own platform. So even if it does have merit, I have doubts that the products available are as rich as they could be if the service hype didn't exist. Most companies put their own convenience above protecting customer data. So even where there would be a robust product solution that is as easy to use and maintain as a service, I'm sure many companies would balk due to it taking more than 5 minutes to bring up and/or it not offering the perceived safety of a "professionally run" service.
This is a sad state of affairs I think, and one which affects us all. Underneath the business hat there is always a consumer hat.
WestHost insures that all personal information being voluntarily submitted to us in the processing of your order (to be used for record and billing purposes, etc.), inclusive, but not limited to, credit card and other personal information, will be kept strictly confidential and used "solely" by WestHost its authorized representatives and employees; for the strict purpose for which it was intended, and for the benefit of the subscriber. We agree not to share, rent, sell or release this information to any individual, entity or third party, for any reason, without the specific written consent of the subscriber; with exception as required by law, regulation or governmental authority. WestHost is committed to protecting and securing all subscriber provided information, through the use of firewalls and additional security measures in place at its physical facilities to protect against the loss, misuse or alteration of such information.
Last Revision September 1, 2002
Perhaps one would argue that Infusionsoft is a representative of Westhost?