Microsoft has announced it has adopted ISO/IEC 27018, becoming the first major cloud provider to adopt the international privacy standard.
According to a blog post from Brad Smith, Microsoft’s general counsel and executive vice president of legal and corporate affairs, the British Standards Institute has independently verified that Microsoft Azure, Office 365 and Dynamics CRM Online are all aligned with ISO 27018 best practices for data privacy.
The standard ensures that Microsoft’s cloud services only process personally identifiable information based on each user’s individual privacy settings. Adherence to ISO 27018 also keeps Microsoft cloud users informed about which data centers their data is housed in; prevents their data from being used for advertising purposes without consent; and informs users about any government requests for their data.
On a security level, the privacy standard restricts how cloud providers transmit personal data over public networks, store data on transportable media, and process data for recovery and restoration. Under the standard, Microsoft will also hold all its employees accountable for handling customers’ personal data under a confidentiality agreement.
More details about how Microsoft is complying with the international cloud privacy standard can be found in a Microsoft Azure blog post and a Microsoft Cyber Trust blog post.