On the other hand, Jeff Kalwerisky, chief security evangelist at Alpha Software and a former executive at Accenture's risk management consulting practice, said that while some of the privacy concerns are valid, technology fixes are available for many of them.
For instance, encrypting data, both while it's stored on a cloud vendor's servers and being transmitted to end users, mitigates some of the privacy risks associated with accidental or malicious exposure of the information, Kalwerisky said. In addition, implementing a two-factor authentication scheme for controlling access to data hosted by a cloud vendor will ensure that only users who have legitimate access to the data will be able to see it, according to Kalwerisky.
"You've got to think about some of these things carefully," he said. "But if you do all of it right, and you do all of it upfront, there isn't a heck of a lot of difference whether you [store data] yourself or if a cloud provider does it."
"It's not that there's anything sinister going on with cloud computing," Gellman said. "But information may be at risk for disclosure or uses that you didn't anticipate, and that may have legal consequences for you."