The presentation begins with an introduction to cloud computing and reasons for its rapid growth and adoption. The focus then shifts to identification of the legal regime regulating an organization’s privacy compliance obligations. There is a specific focus on the requirements for privacy compliance for private sector organizations including a review of the applicable caselaw and a summary of the key contractual terms and best practices arising from the legal developments. The issue of notification if using an out of country service provider is also addressed. The focus then shifts to the requirements for privacy compliance for public sector organizations. This has been much influenced by reactions to the perceived threats of Governmental authorities access to data in the cloud in the context of the USA PATRIOT Act. The presentation reviews the BC litigation and reactions to the perceived threat and the responses by various Canadian governments. The presentation then concludes with a review of additional caselaw and a summary of the key contractual terms and best practices for public sector organizations.