Microsoft has said it now complies with the ISO/IEC 27018:2014 code of practice, which aims to establish a uniform, international approach to data protection in the cloud.
The British Standards Institute (BSI) has independently verified that, in addition to Microsoft Azure, both Office 365 and Dynamics CRM Online are aligned with the standard's code of practice for the protection of personally identifiable information in the public cloud, according to Microsoft.
Microsoft Cloud has also been verified by testing and verification group Bureau Veritas.
Microsoft legal and corporate affairs general counsel and executive vice-president Brad Smith wrote in a blog post that adherence to ISO/IEC 27018:2014 assures enterprise customers that privacy is protected in several distinct ways.
"You are in control of your data," he wrote. "Our adherence to the standard ensures that we only process personally identifiable information according to the instructions that you provide to us as our customer."
Smith also wrote that adherence to the standard ensures transparency about Microsoft's policies regarding the return, transfer and deletion of personal information users store in the company's datacentres.
"We'll not only let you know where your data is, but if we work with other companies who need to access your data, we'll let you know who we're working with," he wrote.
"In addition, if there is unauthorised access to personally identifiable information or processing equipment or facilities resulting in the loss, disclosure or alteration of this information, we'll let you know about this."
Smith said the standard ensures there are defined restrictions on how Microsoft handles personally identifiable information, including restrictions on its transmission over public networks, storage on transportable media, and proper processes for data recovery and restoration efforts.
He said the standard ensures that all of the people who process personally identifiable information, including Microsoft employees, are subject to a confidentiality obligation.
"Your data won't be used for advertising and we inform you about government access to data," Smith wrote in the blog post.