For customers to effectively exercise their right to control their data, they must have access and visibility to that data. They must know where it is stored. They must also know, through clearly stated and readily available policies and procedures, how the cloud provider helps secure customer data, who can access it, and under what circumstances.