First international privacy-specific cloud standard adopted by Microsoft

April 3, 2015 By David

Grazed from Lexology. Author: Neasa Ni ghrada.

On 1 August 2014, the International Standards Organisation (ISO) and the International Electrotechnical Commission (IEC) published the first privacy-specific international standard for the cloud: ISO/IEC 27018 "Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors". Early adopter Microsoft announced on 16 February 2015 that it was the first company to receive certification for the standard.

ISO/IEC 27018 builds on existing ISO standards such as ISO 27001 (the existing best practice for information security management) and is aimed at increasing confidence in data security and cloud computing. Adoption of the standard would complement one of the exceptions to the prohibition on transferring personal data outside of the EEA such as model contracts, Binding Corporate Rules and Safe Harbour…

ISO/IEC 27018 provides best practices for public cloud service providers (CSPs) and establishes guidelines for implementing measures to protect personal data. CSPs that adopt the standard agree to adhere to specific guidelines which include:…

Read more from the source @ http://www.lexology.com/library/detail.aspx?g=9a210423-320c-40ea-a6de-b951d27a3a5c