There is all this talk about cloud services such as email, servers, and storage to mention a few. One of the biggest question is how does Office 365 address Canadian privacy and the Patriot Act?
In this article we will address some key points regarding Office 365 and privacy. For any company considering Office 365, Microsoft has a fantastic tool called Office 365 Trust Center. Smart businesses know that people and data are the most important assets to any business.
Which compliance standards does Office 365 meet?
Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) shows how private sector organizations collect, use, and disclose personal information in the course of commercial business.
Health Insurance Portability and Accountability Act (HIPAA) covers entities under the law security, privacy, and reporting requirements regarding the processing of electronic protected health information. Microsoft will sign a HIPAA Business Associate Agreement (BAA) to meet this standard.
Data processing agreements (DPAs) provide customers with contractual assurances through DPAs regarding Microsoft handling and safeguarding of customer data. Microsoft is commit to over 40 security commitments collected from regulations worldwide.
Federal Information Security Management Act (FISMA) requires U.S. federal agencies to develop, document, and implement controls to secure their information. Office 365 follows security and privacy processes relating to FISMA.
ISO 27001 is a security benchmark worldwide and Office 365 is the first major business public cloud service to have implemented the rigorous set of physical, logical, process and management controls.
So how does the Patriot Act come into play?
The Patriot Act has attracted some criticism due to where the data is stored however data will always be subject to lawful disclosure to law enforcement. In Canada this would include search warrants under the Criminal Code of Canada and the Canadian Security Intelligence Service Act. It would also be subject to subpoenas such as those issued under the Income Tax Act.
As many people are concerned with the Patriot Act, there is a bigger concern where many European countries permit law enforcement access to information more than in both the United States and Canada.