You know what’s happening with your data
Adherence to the standard ensures transparency about our policies regarding the return, transfer, and deletion of personal information you store in our data centres.
We’ll not only let you know where your data is, but if we work with other companies who need to access your data, we’ll let you know who we’re working with.
In addition, if there is unauthorised access to personally identifiable information or processing equipment or facilities resulting in the loss, disclosure or alteration of this information, we’ll let you know about this.
We provide strong security protection for your data
Adherence to ISO 27018 provides a number of important security safeguards. It ensures that there are defined restrictions on how we handle personally identifiable information, including restrictions on its transmission over public networks, storage on transportable media, and proper processes for data recovery and restoration efforts.
In addition, the standard ensures that all of the people, including our own employees, who process personally identifiable information must be subject to a confidentiality obligation.
Your data won’t be used for advertising
Enterprise customers are increasingly expressing concerns about cloud service providers using their data for advertising purposes without consent. The adoption of this standard reaffirms our longstanding commitment not to use enterprise customer data for advertising purposes.
We inform you about government access to data
The standard requires that law enforcement requests for disclosure of personally identifiable data must be disclosed to you as an enterprise customer, unless this disclosure is prohibited by law. We’ve already adhered to this approach (and more), and adoption of the standard reinforces this commitment.
All of these commitments are even more important in the current legal environment, in which enterprise customers increasingly have their own privacy compliance obligations. We understand that they depend upon the steps that we take to enable them to meet these obligations.
We’re optimistic that ISO 27018 can serve as a template for regulators and customers alike as they seek to ensure strong privacy protection across geographies and vertical industry sectors.
We also understand that our customers will only use services that they trust. The validation that we’ve adopted this standard is both a new benchmark for the cloud services industry, and further evidence of our commitment to protect the privacy of our customers.
So if you’re a business that’s looking to move to the Cloud, keep IOS 27018 in mind when you go looking for a Cloud provider.
They might seem like just five little numbers, but they will make a big difference to the safety of your data.
By Russell Craig National Technology Officer, Microsoft New Zealand