Microsoft today announced that Microsoft Office 365, the company's next-generation cloud productivity service, is the first major cloud-based platform to offer information privacy and security standards for customers operating in the European Union and United States.
Microsoft said that it would sign the EU?s model clauses, which will help its customers certify compliance with the European Commission?s stringent Data Protection Directive, and the U.S.-mandated Health Insurance Portability and Accountability Act (HIPAA).
Microsoft also announced the availability of the Office 365 Trust Center. The site provides information about the privacy and security practices for Office 365. The new site can be accessed at http://trust.office365.com.
In February 2010, the EU released these standard contractual clauses to legitimize the transfer of personal data via international networks to locations outside the European Economic Area (EEA). When included in service agreements with data processors, the model clauses assure customers that appropriate steps have been taken to help safeguard personal data, even if data is stored in a cloud-based service center located outside the EEA. European regulators have the option to request that customers halt the use of a service that hasn't taken appropriate steps to safeguard personal data until they have evaluated the service and deemed it compliant with EU data protection and security standards.
Along with furnishing the model clause provisions, Microsoft has included a data-processing agreement for EU customers. Some of the 27 member states have more exacting requirements than those of the EU-wide Data Protection Directive. To streamline the use of cloud-based services for customers operating under additional compliance requirements, Microsoft has included with the model clause provisions a data-processing agreement that was developed in view of the specifics of member-state regulations.
As the first major cloud-based productivity service to obtain certification under ISO/IEC 27001, an information security management benchmark, Microsoft submits to a yearly audit of its information security policy by an independent expert and shares the results with its customers. Additionally, Microsoft has developed its online services to provide physical, administrative and technical safeguards that facilitate full compliance with HIPAA requirements.
"Until recently, concerns about the security and privacy of patient data have been the most common barrier to healthcare organizations realizing the full potential of cloud-based technologies," said Michael Robinson, general manager for U.S. Health & Life Sciences at Microsoft. "Microsoft is helping remove that barrier by embedding privacy and security capabilities in Office 365 that enable health organizations to address their HIPAA compliance requirements. Today, Office 365 can help hospitals, insurers and clinics confidently empower their staff to be efficient and productive virtually anytime and almost anywhere while substantially reducing their IT operating costs."