Looking at the Mozy privacy statement, they have the regular reassuring bit:
We will not sell or market the email addresses or other collected personal information of registered Users to third parties.
We will not view the files that you backup using the Service.
We may view your file system information (file extensions, sizes etc. but not your file contents) to provide technical support.
That’s all fine. The part that worries Søren is this:
Mozy, Inc. may disclose Personal Data, including the data you back up with the Service, with or without notice (a) if required by a subpoena or other judicial or administrative order, (b) where required by law, or (c) at our sole discretion, where we deem it necessary to protect the safety of any individual or the general public or to prevent violation of our User Agreement or the rights of Mozy, Inc. or any third party.
Points (a) and (b) are obvious. Mozy’s privacy statement would of course have no effect over the requirements of the law – while it may still worry people outside the US, it’s not really something that can be a surprise to anyone. The strange bit comes at (c). Mozy may disregard the privacy closes at their sole discretion. Basically, they’ve written up these nice privacy statements, but may choose to ignore them if they so wish.
Come on now – you can’t be serious? Apparently, according to someone who seems to be an employee, they are. The post doesn’t mention the last of the three clauses, though, but merely the cases of administrative order – which neither Søren nor I are trying to contest. Since when have Mozy become the protectors of the public, though?
Søren wrote a reply post, which I think you should read. I will be keeping an eye on this case, as I think it’s quite interesting to see if Mozy can come up with any explanation for wanting to give themselves the power to start protecting the public from their users.
Update: Søren also posted a comparison of various privacy policies. Good read as well.