As we reported earlier last week, Microsoft is putting some more care and thought into how it can clearly communicate their respect for and protection of the user’s data. After many concerns over the data collection methods Windows 10 natively employs, it is a welcome change in messaging. But to be clear, for all the concerns that have been raised, the evidence has only conclusively pointed in one direction: that Microsoft only collects data in order to simply provide the online services a user signs up for (for example, the EULA you agree to has to allow Microsoft to retrieve your email for you in order to provide it to you to read) and to ensure their engineers are receiving feedback in order to continually improve Windows.
On a similar note, as of today Microsoft is consolidating and solidifying the messaging of their enterprise cloud services’ privacy, security, and compliance statements. The new Unified Trust Center for the Microsoft Cloud encompasses the privacy and security policies for Microsoft Azure, Microsoft Dynamics CRM Online, Microsoft Intune, and Microsoft Office 365. From the new Unified Trust Center, enterprise customers can clearly see in one location how Microsoft protects your organization’s data, Microsoft's commitment to your privacy, what regulations their cloud services are compliant with, and gain more insight on the company’s approach to transparency.
Specifically, users can “get an overview of how security is built into the Microsoft Cloud from the ground up, with protection at the physical, network, host, application, and data layers so that our online services are resilient to attack.” They can also access detailed listings of Microsoft Cloud’s certifications and attestations in order to be compliant with various government regulations. These include, but are not limited to, “EU Model Clauses, FedRAMP, HIPAA, ISO/IEC 27001 and 27018, PCI-DSS, and SOC 1 and SOC 2.”
In today’s announcement of the new Unified Trust Center, Microsoft also outlined their privacy principles for their enterprise cloud services in clear terms. The company lists the following four principles regarding privacy and control:
- “You own your own data” describes Microsoft Cloud policies for data ownership; we will use your customer data only to provide the services we have agreed upon.
- “You are in control of your customer data” provides datacenter maps for each service, and policies for data portability, retention, and access.
- “Responding to government and law enforcement requests to access customer data” outlines our processes for responding, including our commitment to transparency and limits in what we will disclose.
- “We set and adhere to stringent privacy standards” describes how privacy in the Microsoft Cloud is grounded in the Microsoft Privacy Standard and the Microsoft Secure Development Lifecycle, and backed with strong contractual commitments to safeguard customer data in the Microsoft Online Services Terms.
The Washington-based technology company has been very vocal recently regarding privacy and security beyond today’s announcement. Their most recent efforts have included everything from the previously mentioned update to their Privacy Statement, to Satya Nadella’s keynote on a new envisioning of endpoint protection at the Microsoft Government Cloud forum, to Microsoft Chief Legal Officer Brad Smith’s advocacy for Privacy Act reform. Hopefully all of these efforts do not fall on deaf ears and they begin to fit together and mutually reinforce Microsoft’s commitment to keeping your private data precisely that: yours and private.