Thomas just posted a really interesting item about Saleforce.com launching a service to create sandbox/development systems which, according to Thomas, appears to be a copy of a live production system that a SFdC customer would have. Being astute as he is (SAP has some very smart people) Thomas notes that this service may be illegal under UK, and potentially EU, data privacy regulations which prohibit the use of real people data in development systems.
The immediate question is whether or not Saleforce.com's new service is legal in the EU, and another more interesting question is whether or not Salesforce considered the legal requirements of the regions they operate in when they conceived this service.
At least over here the terms sandbox and live data probably shouldn’t go in the same sentence. The data captured in CRM systems is typically personal information. (according to the UK Data Protection act of 1998 personal data “means data which relate to a living individual who can be identified”)
This issue of global regulatory compliance is a huge issue, as ebay, google, and yahoo have discovered in recent years. As enterprise software companies increasingly rely on subscription services they are also subject to increased regulation from any of the countries they have customers in.
Traditional enterprise software has always been subject to regulatory compliance within the software we developed, but of course we always had the option of not shipping a product to a country where it was not in compliance. With online services this is a much more difficult proposition, even though it is still possible to simply not accept new users from countries where the products are infringing.
Irrespective of the above, it is still an essential function within a company shipping products or services across borders that they monitor and take into account in the product planning function the legal requirements they are subject to.
"Understanding the mass of law that impacts software globally is not easy. What may be perfectly sound business practice in country A is illegal in country B. That is why things like global HR systems and global CRM are complex. The German user group have a 120 page guide to the legal issues around this just for CRM. Data Protection law is a big, messy complex area. Too many software firms, consultancies and customers don’t take it seriously enough."
Technorati Tags: enterprise software, salesforce.com, legal