In short, many vendors go to great expense to vet, audit, and limit the number of employees who could potentially access customer data. Some will geo-locate physically separate systems under separate administration according to regional necessity.
Sure, but this can only be appreciated if the relationship is large enough to have an explicit non-changeable contract and routine auditing. From any lone consumer's point of view, "cloud" providers are black boxes that will probably try to limit the damage a rogue employee can do, but any methods or promises can change overnight based on business needs.
Especially knowing that x% of those employees will have left the company in 5 years, and y% of those will have taken private copies of customer data with them.
