Privacy is the big ticket item this year. Everybody is absolutely paranoid about their personal data being siphoned off into some big tech company like Google or Facebook. Microsoft is also the target of privacy doomsayers, but they hope to alleviate these fears with a public explanation of their privacy policies.
One of the biggest areas that privacy worries consume the public consciousness is the cloud. It’s just a bunch of servers out somewhere far away. How is my data going to stay protected when I don’t have it stored at a physical location close to me? Microsoft thinks they have found the solution in their flagship cloud service, Office 365.
Microsoft published a white paper last year called “Privacy in the Public Cloud: The Office 365 Approach.” The description says that the white paper “examines Microsoft’s broad approach to privacy governance and describes how these principles and processes have been applied to our latest cloud-based productivity service, Office 365.”
Microsoft approaches the issue with three tenets of privacy – responsibility, transparency and choice. Microsoft will be devoting a separate entry on the Office blog to each one of these. The first one up is responsibility which the company claims is “supported by our broad network of people that implement our privacy standards and provide guidance and training.”
The company’s commitment to privacy responsibility is laid out over the course of six entries. The first of which is their ability to “respond to the rapidly changing priorities for privacy and security in the cloud.” That’s why Office 365 has been built with “risk management mechanisms” that can respond to any changes, whether they be corporate, governmental or outside forces.
It’s not all about Microsoft being responsible though as they put some of the responsibility onto the end user as well. They want all users to know full well their rights and responsibilities when it comes to their personal information and how its treated by local governments. Microsoft will adjust their privacy policies to accomodate the rules of each country, but it’s up to the user to understand what those rules mean.
Another standard is strict control over who can access the data in question. To access any data on the cloud, the person requesting access must have a “legitimate business justification” and the request has to be approved by the person’s manager.
Finally, Microsoft takes on the responsibility of staying up-to-date with the most recent changes in security and anti-malware technologies. This should keep your data safe from all harm, but bad things can still happen. Cloud is the new frontier so hackers and malware creators will be targeting it more and more for the data contained within.
As you can see, Microsoft is pretty much sticking to standard protocol. Regardless, it’s still nice to see a company making a public statement about what they’re doing to protect privacy. Now if only they could withdraw their support for CISPA instead of being kind of for, kind of against the current legislation.