• Noncompliance with privacy laws. Companies that use the cloud to host data might run afoul of data regulations without knowing it. For example, US healthcare or financial companies might be offloading data to the cloud without understand that HIPPA and the Gramm-Leach-Bliley Act restrict disclosing this type of data to third parties without prior contractual agreements in place.
• Nonspecific contract language. Companies should check the small print for terms that let cloud vendors access or use data for marketing purposes such as targeted ads.
• Location, location, location. Countries have different privacy regulations; some more lax, some more stringent. Companies must be aware of where the cloud vendor maintains its operations.