Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. While cloud computing is expanding rapidly and used by many individuals and organizations internationally, data protection issues in the cloud have not been carefully addressed at current stage. Users' fear of confidential data (particularly financial and health data) leakage and loss of privacy in the cloud may become a significant barrier to the wide adoption of cloud services. In this paper, we explore a newly emerging problem of information leakage caused by indexing in the cloud. We design a three-tier data protection architecture to accommodate various levels of privacy concerns by users. According to the architecture, we develop a novel portable data binding technique to ensure strong enforcement of users' privacy requirements at server side.