How can organization monitor their CSP and provide assurance to relevant stake holders that privacy requirement are met when their PII( personally identifiable information) in the cloud?
An alternative approach is to not trust the Cloud Provider at all and use techniques like data de-identification via encryption or tokenization (an intro is in the second link) to protect data. With this approach, no visible PII is stored in the Cloud. Companies like Perspecsys (first link) can do this automatically with data coming in and out of an organization.
http://perspecsys.com/
Article Enhancing Cloud Security Using Data Anonymization