Microsoft announced today that its cloud services are compliant with a new international standard for privacy. Called ISO 27018 (it just rolls off the tongue), the standard dictates how companies should handle personally identifiable information when it’s stored in the cloud.
Brad Smith, the company’s general counsel and executive vice president of Legal and Corporate Affairs, says in a blog post that Microsoft is the first major cloud provider to adopt the standard.
Azure, Office 365 and Dynamics CRM Online have all been evaluated for compliance by the British Standards Institute, and Microsoft Intune has been verified compliant by Bureau Veritas. The move could make companies more confident to try out Microsoft’s cloud offerings when they think of moving workloads online.
The standard calls for a number of behaviors, perhaps most importantly that Microsoft will be required to inform enterprise customers about government requests for their data, except when doing so is prohibited by law. It’s something the company already does when it receives a request, but codifying that behavior could help companies that were on the fence feel more confident about using Microsoft’s services.
In addition, the company affirmed that it will keep users data private, and implement strict safeguards for its security. Microsoft’s adherence to the standard should also be good news for businesses concerned about the use of their data for advertising. Compliance with it means that Microsoft won’t mine its clients’ data to sell ads.
It’s an important move for Microsoft, since potential customers around the world are concerned about the privacy of their data, especially in the wake of Edward Snowden’s disclosures about online surveillance.
