When we use cloud technology, we have no idea where in the world the intellectual property or sensitive private customer information will end up. To save costs, cloud service providers can locate their data centers anywhere in the world. If the cloud service provider's hosting service then chooses to sell/share/use that information, the company will have a tough time enforcing privacy/copyright laws outside of its jurisdiction.

The company would also have a hard time trying to prove it has done all it can to ensure it is complying with customer privacy laws.

In short, the cloud is not really ready for corporates yet, I believe CIO's and CTO's should be doing all they can to ensure policies and and security is in place to ensure the IT department is not bypassed. The IT department have the required skills judge if and when the cloud is right for corporate use.