Microsoft’s General Counsel and Executive Vice President of Legal and Corporate Affairs, Brad Smith, took to the Internet today to announce that Microsoft is the first of the big cloud service providers to adopt the first international standard for cloud privacy.
In a time when there are many questions about storing data in the cloud, attacks on public services, and privacy against government snooping, Microsoft has been on the front line fighting for their customers’ rights. Microsoft isn’t doing this out of the goodness of their hearts; the future of Microsoft is cloud services, from your grandmother using Outlook.com all the way to enterprise usage of Azure. When there are threats to cloud computing, there are threats to the economic viability of Microsoft.
The ISO/IEC 27018 cloud privacy standard is described on www.iso27001security.com as a standard that:
“…provides guidance aimed at ensuring that cloud service providers (such as Amazon and Google) offer suitable information security controls to protect the privacy of their customers’ clients by securing PII (Personally Identifiable Information) entrusted to them.”
In other words, any hosting company that complies with ISO/IEC 27018 will be implementing processes, policies, and restrictions to secure the privacy of their customers. Microsoft says that this means:
I believe Microsoft is fighting the good fight and trying to be as open as possible, and it’s in their best interest to do this. There is a history of this; Microsoft received “confirmation from European data protection authorities that Microsoft’s enterprise cloud contracts are in line with ‘model clauses’ under EU privacy law regarding the international transfer of data,” according to Smith. And Microsoft is currently appealing a decision to force the turnover of data from a mailbox stored in Ireland to the US FBI.