Microsoft Adopts International Standard for Cloud Privacy

Microsoft Adopts International Standard for Cloud Privacy

Standard meant to assure customers by restricting the processing and handling of personally identifiable information.


This article originally appeared at The WHIR

Microsoft has adopted ISO/IEC 27018, an international standard for cloud privacy. The standard is meant to assure customers by restricting the processing and handling of personally identifiable information, and establishing transparent data transfer and deletion policies.

The company announced in a blog post on Monday that several services’ compliance with the standard had been independently verified by the British Standards Institute (BSI). The services the standard had been applied to are Azure, Office 365 and Dynamics CRM Online. Microsoft Intune was also verified as compliant by Buerau Veritas.

The standard was created by theInternational Standard Organization (ISO) in 2014 to apply to all cloud vendors. Microsoft says it is the first major provider to adopt ISO/EIC 27018, which is the world’s first international standard of its kind.

The ISO released a set of standards related to cloud computing definitions, along with reference architecture in October.

The Microsoft blog post points out that in addition to increasing customer control and making data center storage practices more transparent to consumers, the standard should assure them that their data will not be used for advertising, and that they will be informed of government access of personal information unless disclosure is illegal.

“All of these commitments are even more important in the current legal environment, in which enterprise customers increasingly have their own privacy compliance obligations,” wrote Microsoft General Council and Executive VP, Legal and Corporate Affairs Brad Smith. “We’re optimistic that ISO 27018 can serve as a template for regulators and customers alike as they seek to ensure strong privacy protection across geographies and vertical industry sectors.”

The privacy of personally identifiably information is a concern for all companies that host it. It is of particularly concern for cloud providers as new, more stringent standards, like the EU regulations Microsoft announced it was meeting last April, come into effect.

High profile data breaches have spotlighted poor security and privacy practices and allowed companies to leverage privacy fears by being publicly proactive in complying with regulations and standards.

This article originally appeared at:

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.