Are you kidding me? This is a very common requirement and one of the reasons larger institutions are building out their own clouds. It's not a requirement for everyone of course, but it's certainly a common theme.
Many in the financial services or healthcare industry. Some of those industries have requirements far in excess of both SOX and HIPAA combined due to SEC scrutiny.