Microsoft leads the way with adoption of first international cloud privacy standard
The gradual push of just about everything to the cloud means that security and privacy are of greater concern than ever before. This is true for everyone who makes use of cloud services like OneDrive and Azure, but it is of particular interest to enterprise customers.
Today Microsoft has become the first major cloud service provider to adopt ISO/IEC 27018, the world’s first international standard for cloud privacy. The idea is to ensure that there is a global standard that determines how personal data privacy is handled in the cloud. The standard equips people with a number of assurances.
The code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors -- to give ISO/IEC 27018 its full title -- ensures that customers remain in control of their data. There's a strong focus on leaving the customer not only in control, but fully informed about how data is processed. Customers will be told where their data is stored, how and when it is transferred between places, and who else has access to it -- including access by government agencies where the law permits.
In the case of unauthorized access, the privacy standard requires companies to inform customers, and companies must only process data that could identify customer in accordance with instructions from the customer in question. Any company signing up to the standard will not be able to use customer data for advertising, and are banned from transmitting personally identifiable information over public networks.
Microsoft's General Counsel and Executive Vice President, Legal and Corporate Affairs, Brad Smith, said:
All of these commitments are even more important in the current legal environment, in which enterprise customers increasingly have their own privacy compliance obligations. We're optimistic that ISO 27018 can serve as a template for regulators and customers alike as they seek to ensure strong privacy protection across geographies and vertical industry sectors.
Today's news is just one way we've been working to help strengthen privacy and compliance protections for our customers in the cloud.