An interesting paper crossed by virtual desk today; Privacy in the Cloud: A Microsoft Perspective. It does exactly what it says on the tin and spells out our approach to privacy with regard to cloud applications. It’s one of the most detailed papers I’ve seen that we’ve produced yet and it’s a must read for anyone interested in the issues of putting your data into the cloud (any kind of cloud) and how we will help to protect and secure it. The paper covers everything from Private cloud, Public Cloud, Hybrids, SaaS, Paas, IaaS and how we look at privacy with respect to them as well as consideration of International boundaries.
It’s interesting to read about just how much of a focus there is inside this place on privacy, there are standards that we adhere to like The Microsoft Privacy Standard for Development (MPSD) which helps ensure that privacy and data protection are systematically incorporated—from the ground up—into Microsoft products and services. There are 40+ people dedicated to privacy and over 400 who ensure that our policies and procedures are applied to those products and services.
Some of the standout stuff for me:
Microsoft Privacy Principles
Accountability in handling personal information within Microsoft and with vendors and partners
Notice to individuals about how we collect, use, retain, and disclose their personal information
Collection of personal information from individuals only for the purposes identified in the privacy notice we have provided
Choice and consent for individuals regarding how we collect, use, and disclose their personal information
Use and retention of personal information in accordance with the privacy notice and consent that individuals have provided
Disclosure or onward transfer of personal information to vendors and partners only for purposes that are identified in the privacy notice, and in a security-enhanced manner
Quality assurance steps to ensure that personal information in our records is accurate and relevant to the purposes for which it was collected
Access for individuals who want to inquire about and, when appropriate, review and update their personal information in our possession
Enhanced security of personal information to help protect against unauthorized access and use
Monitoring and enforcement of compliance with our privacy policies, both internally and with our vendors and partners, along with established processes to address inquiries, complaints, and disputes
I’d suggest comparing Microsoft to others, see if you can find their information on the subject of privacy and security and their business processes….