To what extent are hosting providers responsible for ensuring the privacy of user data?


How much should hosting providers do for our data privacy? Share your take, especially on the security side – seems like it's not getting enough attention.

Not sure I understand the question.

Are you just talking about the relationship of a user and their host, or the users' clients also?

Do you mean, how much should a host be responsible for the actions of the accounts that people have hosting with them, and in turn, the protection of that information of their clients?

I know that when we were running a hosting company, we ran several vulnerability checks on behalf of our hosting clients and passed that information along to them. We were also involved heavily with PCI compliance, so we had version scans that ran on a server level and we also extended those scans to our clients' individual accounts too.

But when you start going 3 levels deep, that really can put a lot of taxation on your own resources needed to execute scans and investigations. I guess it all depends on the price point of services at that stage.

If you are referring to user information, the GDPR and CCPA rules have been established to regulate these matters in Europe and America.
If you are referring to the information stored by the user on a hosting service provider, the responsibility for its security is shared between the service provider and the user. The service provider is responsible for a portion of the security measures, while the user has a role in ensuring the security of their own information by properly using the service.
In my opinion, it would be more comprehensible if the responsibilities of the parties were explicitly defined in the TOS of each service provider, and users took the time to read and understand them.

When you mention the security side, do you mean like data breaches?

I think most / large providers try their best to secure everything, but every now and then, they do get breached.

GoDaddy has been breached every year since 2020.

DigitalOcean was breached in 2021.