
Microsoft adopts international privacy standard for cloud services

Microsoft is the first company to receive certification for the ISO privacy standard for the cloud.

ISO guidelines include:

  • control: only process personal data in accordance with customers’ instructions
  • consent: only process personal data for marketing/advertising purposes with the customer’s express consent
  • communication: notify customers in the case of a breach and keep clear records about the incident
  • transparency: disclose to the customer the identity of sub-processors and any possible locations where personal data may be processed, and
  • independent audit: obtain regular reviews of the cloud service provider’s compliance through an independent third-party audit.

Microsoft’s General Counsel Brad Smith explains that the adoption of the ISO standard is just one of the ways the company has been exploring to strengthen customers’ privacy in the cloud.

Source: Microsoft announcement and Computer World article

APEC Privacy Framework being updated

APEC hopes to have an update of its privacy framework completed by the end of this year. The New Zealand Privacy Commissioner has undertaken the review as part of an Australia, Canada and New Zealand stocktake group.

Areas identified for strengthening include:

  • introducing the concept of privacy management programmes
  • adding breach notification to the list of remedies, and
  • outlining factors to be considered in balancing trade considerations when restricting cross-border transfers for privacy reasons.

See the full statement on the Privacy Commission website