I recently ran into some concerns about using US-based cloud or IaaS servers for hosting Canadian University sites that may collect user data. I recall this question first arising some years back with the introduction of the US Patriot Act, which arguably could contradict Canadian privacy law.
A recent ruling on this question by the Ontario Privacy Commission is pretty definitive: http://blog.privacylawyer.ca/2012/09/ontario-information-privacy.html The bottom line seems to be that the physical location of the hardware running the service is not considered relevant, as long as good privacy and security practices are followed.
For the other Canadians out there: What is your University's policy on US-based clouds and services? Do you use them? Is US law a factor in that decision?