BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
You should also pay attention to what the policy covers in terms of different geographies. For example, if I have data that can't leave the US, then the provider should have geographic controls and constraints as part of their policy.
NSA scandal spurs cloud privacy innovation
What you can expect from a cloud service level agreement