Microsoft adopts first international cloud privacy standard


Microsoft has adopted the first international standard for cloud privacy, which assures its customers that personal data they store in the cloud will be protected in several specific ways.

ISO/IEC 27018:2014 Information technology – Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors provides a consistent international approach to protecting personal data stored in the cloud. It is a code of practice rather than a stand-alone certification standard: it extends the ISO/IEC 27002 controls with PII-specific guidance for public cloud providers, and conformance is normally assessed as part of an ISO/IEC 27001 audit. The British Standards Institute has independently verified that Microsoft’s Azure, Office 365, and Dynamics CRM Online are aligned with ISO/IEC 27018’s code of practice for the protection of PII in the public cloud. Bureau Veritas has done the same for Microsoft Intune.

Protecting privacy online

Customers will only use services that they trust. Meeting the requirements of ISO/IEC 27018 for protecting Personally Identifiable Information (PII) in the public cloud gives Microsoft’s customers the following assurances:

  • Customers are in control of their data – Microsoft will only process personally identifiable information as instructed by its customers.
  • Customers know what’s happening with their data – ISO/IEC 27018 requires transparency about Microsoft’s policies for the return, transfer, and deletion of personal information stored in Microsoft’s data centres.
  • Microsoft provides strong security protection for its customers’ data – ISO/IEC 27018 provides important security safeguards and ensures that:
    • there are defined restrictions on how Microsoft handles personally identifiable information, including restrictions on its transmission over public networks and its storage on transportable media, and proper processes for data recovery and restoration efforts;
    • everyone who processes personally identifiable information, including Microsoft’s employees, is subject to a confidentiality obligation.
  • Data won’t be used for advertising purposes without consent – Microsoft’s adoption of ISO/IEC 27018 reaffirms its commitment not to use customer data for advertising purposes.
  • Customers will be informed about government access to data – ISO/IEC 27018 requires that customers be notified of law enforcement requests for disclosure of their personally identifiable data, unless the law prohibits such notification.

Protecting privacy online is even more important in the current legal environment, where customers increasingly have their own privacy compliance obligations. Microsoft is optimistic that ISO/IEC 27018 can serve as a template for regulators and customers alike as they seek to ensure strong privacy protection across geographies and vertical industry sectors.


Summarised from Microsoft’s website.


Published in business and ICT.
