Re: The risk to UK firms is significant
According to our ISO, putting data in a US cloud is fine because personal medical data leaked to a US govt organisation like the NSA is OK because they have a duty of confidentiality - it is no different from an FDA inspection.
But keeping patient data locally, unless we could demonstrate that we have the same level of disaster recovery, redundancy, n*9s uptime, physically separated data centers etc. that Amazon, Google, Microsoft can boast - would make us liable for "failing to follow industry best practice".
Strangely it was a US consultancy that advised us of this.