“In addition, the standard ensures that all of the people, including our own employees, who process personally identifiable information must be subject to a confidentiality obligation.”
As enterprise customers continue to express concerns about cloud service providers using their data for advertising purposes without consent, Smith insists Microsoft’s new commitment ensures company “data won’t be used for advertising.”
“The adoption of this standard reaffirms our longstanding commitment not to use enterprise customer data for advertising purposes,” he adds.
Taking it a step further, Microsoft’s new stance ensures organisations will be made aware about government access to their data.
At present, the standard requires that law enforcement requests for disclosure of personally identifiable data must be disclosed to you as an enterprise customer, unless this disclosure is prohibited by law.
“We’ve already adhered to this approach (and more), and adoption of the standard reinforces this commitment,” Smith adds.
“All of these commitments are even more important in the current legal environment, in which enterprise customers increasingly have their own privacy compliance obligations.
“We’re optimistic that ISO 27018 can serve as a template for regulators and customers alike as they seek to ensure strong privacy protection across geographies and vertical industry sectors.”
According to Smith, this news is just one way Microsoft has been working to help strengthen privacy and compliance protections for its customers in the cloud.
Last Autumn, Redmond received confirmation from European data protection authorities that Microsoft’s enterprise cloud contracts are in line with “model clauses” under EU privacy law regarding the international transfer of data.
And last Spring, Smith says Microsoft became one of the first companies to sign the Student Privacy Pledge developed by the Future of Privacy Forum and the Software & Information Industry Association to establish a common set of principles to protect the privacy of student information.
“As we’ve said before, customers will only use services that they trust,” he adds.
“The validation that we’ve adopted this standard is further evidence of our commitment to protect the privacy of our customers online.”