With a rapid growth of data storage in the cloud, data integrity checking in a remote data storage system has become an important issue. A number of protocols, which allow remote integrity checking by a third party, have been proposed. Although those protocols are provably secure, the data privacy issues in those protocols have not been considered. We believe that these issues are equally important since the communication flows of integrity proofs from the cloud server should not reveal any useful information of the stored data. In this paper, we introduce a new definition of data privacy called 'IND-Privacy' by an indistinguishability game. It is found that many existing remote integrity proofs are insecure under an IND-Privacy game. It is also found that by adopting witness indistinguishable proofs, the IND-Privacy is achievable. We provide an instantiation that captures data integrity, soundness and IND-privacy.