​Microsoft adopts international cloud privacy standard

Microsoft has committed to adhering to ISO/IEC 27018, developed by the International Organization for Standardization, to ensure that personally identifiable information stored in its public cloud is protected.
Written by Aimee Chanthadavong, Contributor

Microsoft has announced that it has adopted the first international standard for cloud privacy to protect the personal data it stores in the cloud.

According to Microsoft, adherence to ISO/IEC 27018, which was developed by the International Organization for Standardization (ISO), ensures that enterprise customers with data stored in Microsoft Azure, Office 365, and Dynamic CRM Online are compliant with the standard's code of practice for the protection of personally identifiable information in the public cloud.

More specifically, Microsoft said that under the standard, enterprise customers will have control of their data; will be informed of what's happening with their data, including whether there are any returns, transfers, or deletion of their personal information; and will be protected with "strong security" by ensuring that any people processing personally identifiable information will be subject to a confidentiality obligation.

At the same time, Microsoft has ensured that it will not use any data for advertising purposes, and that it will inform its customers if their data is accessed by the government.

In a blog post, Brad Smith, Microsoft general manager and executive vice president, legal and corporate affairs, said that the adoption of the privacy standard validates the company's commitment to protecting the privacy of its customers online.

"All of these commitments are even more important in the current legal environment, in which enterprise customers increasingly have their own privacy compliance obligations. We're optimistic that ISO 27018 can serve as a template for regulators and customers alike as they seek to ensure strong privacy protection across geographies and vertical industry sectors," he said.

Last year, Microsoft made its Azure Geo available in Australia as its pledge to cater to the concerns and obligations of enterprise customers that need their data to be stored in the cloud locally. The cloud service is being hosted at two Microsoft datacentres located in Sydney, New South Wales, and Melbourne, Victoria.

Microsoft's vow to protect its customers' data comes at a time when the Australian government has been pushing for the introduction of mandatory data-retention legislation.

Under the proposed legislation, Australian telecommunications companies would be required to retain an as-yet-undefined set of customer data for two years, not limited to but including call records, address information, email addresses, and assigned IP addresses.

However, AIMIA, the digital policy group representing tech giants including Microsoft, said the legislation would be a breach of privacy of all Australians.

Editorial standards