Morrison & Foerster recently released this summary of the legal issues surrounding Privacy in the Cloud.
The summary suggest, as I always encourage, that organizations should encrypt their data before uploading it the cloud. (See my post on doing this with RackSpace file hosting). Of course, this may not always be possible when utlizing SaaS (Software as a Service) because the software may need raw access to your data to perform necessary functions. My primary word of advise is don’t take companies word on what they can deliver in terms of data protection and security: test, test and retest.
H/T: Next Practices