Ask a Lawyer and Get Answers to Your Legal Questions
Thank you for your question.
The law applies the same to any cloud service as it would to an accountant in a brick-and-mortar firm in your own town: All records are confidential and privacy rights reign supreme UNTIL someone serves a subpoena on them.
As far as hacking and data breaches, that is more of a technical/computing security question than a legal question. Data breaches obviously involve someone breaking the law, but we all know how much of a "deterrent" being illegal is. Or isn't. Generally, there is usually more danger from someone "social engineering" their way into a company's computer system by tricking an employee into revealing a password, or just guessing the more commonly used INSECURE passwords like firstnamebirthyear, the name or birthday of a spouse or relative, or the name of that person's favorite sports team.
Unfortunately, most computer services have "terms of service" which release them from any and all liability for anything that might go wrong, including data breaches. Those contracts are generally binding. Read them carefully. As a business protection matter, it might be wise to look into whether the general liability insurance policy covers the business for loss of customer privacy (if that business has customers whose data could be breached), and if the property and casualty insurance policy provides compensation for monetary losses from the business being the victim of a data breach. I do not know if such coverage is offered, but it *should* be.