Most, but not all, of the world's leading cloud providers - Salesforce, Amazon, Google, Rackspace, et. al. - are hosted in the United States. This means that data contained in U.S.-hosted clouds is subject to U.S. laws governing security and privacy, which further means that the laws of the United Statesgovern the data used by your foreign subsidiaries hosted in U.S. clouds, and it applies to their clients and customers as well.
Essentially, data is subject to the laws of the legal jurisdiction in which the cloud that hosts it is located, wherever that may be at any given time. Call it data sovereignty.
CFOs whose businesses use cloud systems across their overseas subsidiaries need to be aware of the legal and regulatory frameworks of each of the countries in which their subsidiaries operate. CFOs should also be concerned about the fact that, in the cloud, data may move swiftly across a number of international legal jurisdictions as providers distribute workloads in an attempt to optimize the capacity and efficiency of their servers, and each jurisdiction the data visits may bring with it varying compliance requirements.
