Microsoft announces that its cloud computing platform Azure now conforms to the International Organization for Standardization (ISO) 27018 standard’s code of practice to protect privacy of clients’ personal data stored in the cloud. The company’s Office 365 and Dynamics Customer Relationship Management (CRM) Online are already verified by British Standards Institute (BSI) to align with standard code of practice for protecting Personally Identifiable Information (PII) in the public cloud, as reported by Brad Smith from Microsoft Blog.
Adherence to ISO 27018 ensures that the ownership of PII remains with customers. The cloud company won’t process without any affirmative instruction from customers. The users will be provided full transparency regarding any change in personal data stored in data centers including return, transfer, and deletion. No one can assess customers’ data without their permission. In case of breech to PII or unauthorized processing to equipment or facilities, the notification will be sent automatically. The customer will also be informed if government requests to access personally identifiable data.
ISO 27018 facilitates a strong security protection for data while handling PII including transmission over public cloud, storage on transportable media and data recovery and restoration efforts. Microsoft gives a confidentiality obligation to their PII users including their employees. The company assures that it will not use any enterprise data for advertisement or marketing purpose.