Out-Law News 1 min. read
18 Feb 2015, 4:12 pm
Microsoft's Azure, Office 365 and Dynamics CRM Online services have all been verified by the British Standards Institute as following the standard's code of practice for the protection of Personally Identifiable Information (PII) in the cloud,
Brad Smith, executive vice president for Microsoft’s legal affairs team said on a blog post.
The changes will mean that users have control of their own data, Smith said. PII can only be processed according to the instructions of each customer.
Users will also have 'transparency' about what is happening with that data: where it is stored, which other companies access it, and whether there has been any unauthorised access, Microsoft said.
ISO/IIEC 27018 includes restrictions on the transmission of PPI over public networks, storage on 'transportable media', and processes for data recovery, Smith said.
Customer data will not be used for advertising, and Smith said Microsoft will inform enterprise users of any government requests for access to their data, "unless this disclosure is prohibited by law" – an approach that he said the company already adheres to.
"All of these commitments are even more important in the current legal environment, in which enterprise customers increasingly have their own privacy compliance obligations. We’re optimistic that ISO 27018 can serve as a template for regulators and customers alike as they seek to ensure strong privacy protection across geographies and vertical industry sectors," Smith said.
In April 2014, Microsoft said it had received confirmation from the European Union that its cloud services meet EU privacy law, no matter where that data is stored. The use of cloud computing services is growing steadily among EU businesses, which use it for file storage, email and software applications.