"The US government can request information that is under the jurisdiction or control of a US company," he explains, regardless of the physical location of the data or the nationality of its owners, and it can do this in a way that seems to undermine the US-EU Safe Harbour Framework.
Safe Harbour was introduced as a companion to the EU Data Protection Directive (and national implementations such as the UK Data Protection Act) in 2000. Since then, it has allowed for the sharing of data between the EU and US, but only when certain conditions are met - such as the provision of reasonable data security - and this is accompanied by clearly defined and effective enforcement (because the EU has higher data privacy standards than the US).
But earlier this year, when Microsoft launched its cloud-based Office 365 service in the UK, it explained (in its Online Services Trust Centre) just how long the arm of US law is: the Patriot Act can be used to force US-owned companies to reveal EU citizens' data, secretly.
This revelation has troubled some Euro ministers, including Sophie in 't Veld, Dutch MEP and vice-chair of the European Parliament's Civil Liberties, Justice and Home Affairs committee, who is pushing for clarification.
"The European Commission should make it clear that European businesses and citizens operate under European privacy laws, and that EU institutions can enforce their own laws," she asserts in a blog on her party website. She suggests that EU subsidiaries of US parent companies are breaking European law by meeting Patriot Act requests, and that while these subsidiaries are operating in Europe, EU law must take precedence.
Maugham doesn't see the balance of power tilting quite so heavily in the direction of the US.
"The UK government as well as most EU member state governments can also go to court and get a subpoena to access data from any organisation over which they have jurisdiction," the lawyer points out.
"So while the focus is on the US Patriot Act, most EU member state governments have very similar powers."
But if you are a cautious CFO considering a move into the cloud, you may still feel more comfortable selecting from among the offerings of UK or EU-owned service providers that will be storing your data solely within the UK or EU.