Microsoft claims compliance with ISO data privacy standard

Microsoft says its compliance with a data privacy standard set by the International Organization for Standardization (ISO) means customer data in its Azure cloud will be safer from prying eyes.

The ISO/IEC 27018 standard aims to establish “a uniform, international approach to protecting privacy for personal data stored in the cloud,” Microsoft General Counsel and EVP Brad Smith wrote in a blog post.

A third party, the British Standards Institute (BSI), has verified that Microsoft Azure as well as Office 365 and Dynamics CRM Online meet the ISO criteria, Smith noted.

Compliance means that the vendor’s customer controls her data and will know what’s happening with that data down the line. It also requires the vendor to implement strong security and restricts how data can be handled on public networks, transportable media, etc. And it means that data will not be used for advertising — which means that Google is unlikely to climb aboard this particular bandwagon.

This is not an academic exercise for Microsoft, which is fighting a U.S. court order to turn over customer data residing in its Dublin data center to U.S. authorities.

Cloud competitors are likely to call this a PR stunt — a concept that Microsoft is familiar with — but a security expert said ISO/IEC 27018 certification could become a major selling point to privacy-obsessed consumers who balk at the notion that Google, because of its advertising business, uses customer data to sell stuff.

Said this expert, who requested anonymity because he works with both Google and Microsoft: “Google would never agree to this since advertising is everything to them … Personally when I pay someone for a service, I expect my data to be private. When I use a service for free I accept that it is being paid for by sacrificing my privacy.”

For more on Microsoft’s data privacy stance, see Smith’s talk at last year’s Structure show below.