UK Web Focus (Brian Kelly)

Innovation and best practices for the Web

Microsoft Adopts First International Cloud Privacy Standard

Posted by Brian Kelly on 18 Feb 2015

Announcement

microsoft-adopts-first-international-cloud-privacy-standardOn Monday 16 January 2015 Microsoft announced that they had adopted the first international Cloud privacy standard.

The standard in question is ISO/IEC 27018, the code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.

Discussion

A ZDNet article entitled “Microsoft adopts international cloud privacy standard” was published yesterday which provided Microsoft’s summary of this development:

… under the standard, enterprise customers will have control of their data; will be informed of what’s happening with their data, including whether there are any returns, transfers, or deletion of their personal information; and will be protected with “strong security” by ensuring that any people processing personally identifiable information will be subject to a confidentiality obligation.

At the same time, Microsoft has ensured that it will not use any data for advertising purposes, and that it will inform its customers if their data is accessed by the government.

Other news announcements included:

The latter article highlights one limitation of the standard: “Microsoft added the new standard forces them to inform users about government access to data, unless the disclosure is prohibited by law“. This seems to suggest that if the UK Government requests data held by Microsoft in their Cloud service conformance with the standard will require them publicise such disclosure; however this would not be the case in the US where such disclosure is seemingly prohibited by law.

Andrew Cormack, in a post on Janet’s Regulatory Developments blog pointed out that Microsoft’s new ISO/IEC 27018 standard covers “their Azure, Office365 and Intune cloud services“. This should be a pleasing development for institutions which are making use of Microsoft’s Cloud services. But here does this leave Google, Amazon and other major Cloud services?


View Twitter conversations and metrics using: [Topsy] – [bit.ly]

One Response to “Microsoft Adopts First International Cloud Privacy Standard”

  1. […] as a tutor used to say, “always start your posts with the last thing you thought”). Brian Kelly posted on Microsoft adapting the first international privacy standard . I think this is very interesting and a piece of news worth highlighting as it fits in here […]

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

 
%d bloggers like this: