The risk to UK firms is significant
According to our ISO. He's stated that if there were to be a breach of safe harbour and/or personal data is leaked, our company would be liable - irrespective of whether it was to the US government or not.
Being *very* conservative, our exec team have banned any US linked cloud provision.
So either firms using the cloud are relying on incorrect counsel, or they haven't asked for counsel, or they have asked for it, or our ISO is mistaken (or overly cautious). Given I know their qualifications, and not that of anyone else, I trust their version of the truth.
Or, is everyone using the cloud securely encrypting their data before it leaves their networks ?