Microsoft is the first company to receive certification for the ISO privacy standard for the cloud.
ISO guidelines include:
- control: only process personal data in accordance with customers’ instructions
- consent: only process personal data for marketing/advertising purposes with the customer’s express consent
- communication: notify customers in the case of a breach and keep clear records about the incident
- transparency: disclose to the customer the identify of sub-processors and any possible locations where personal data may be processed, and
- independent audit: obtain regular reviews of the cloud service provider’s compliance through an independent third party audit.
Microsoft’s General Counsel Brad Smith explains that the adoption of the ISO standard is just one of the ways the company has been exploring to strengthen customers’ privacy in the cloud.