For our Canadian customers, we are bound to comply with the Canada Privacy Law (http://laws.justice.gc.ca/en/P-21/index.html) which clearly prohibits the export of sensitive or government data. Furthermore, The Patriot Act in the USA poses additional threats to Canadian privacy law:
The Act permits U.S. law enforcement officials, for the purpose of an anti-terrorism investigation, to seek a court order that allows access to the personal records of any person without that person’s knowledge (http://www.tbs-sct.gc.ca/pubs_pol/gospubs/TBM_128/usapa/faq-eng.asp#Q1)We must be very diligently evaluating the kind of Data that would be hosted in a CRM Online organization and where this data is to physycally reside. I wouldn't imagine Microsoft opening data centers in every country but I also imagine this to be a very common problem. It would be interesting to know what strategy does Microsoft envision or offer to deal with this kind of restrictions (if any).