3.2.8 Azure Privacy, Compliance, and Data Protection Facts

Documentation

Microsoft Privacy Statement

What is the Microsoft privacy statement?

The Microsoft Privacy Statement outlines issues related to personal data. It applies to all Microsoft products, including services, apps, software, servers, and devices.

Topics Covered in the Statement:

  • Personal data Microsoft collects

  • How collected data is used

  • Reasons for sharing personal data

  • Information about cookies, web beacons, and other data collection tools

  • Situation and product-specific privacy information

  • Methods for accessing and controlling a user’s data

Online Services Terms (OST)

What is the Online Services Terms?

The Online Services Terms (OST) is a legal agreement. When customers sign the OST, they agree to the privacy terms and conditions that apply to the purchased online service(s).

Data Protection Addendum (DPA)

What is the Data Protection Addendum?

The Data Protection Addendum (DPA) is an addendum to the OST. It provides additional information about the data processing and security terms and conditions for the purchased service(s).

Topics include:

  • Government compliance

  • Data security

  • Data handling

Trust Center

What is the Microsoft Trust Center?

The Microsoft Trust Center is a website for an individual or an organization who wants to learn more about all of Microsoft’s privacy, security, and compliance efforts. If you're trying to determine whether a service is compliant with a particular standard or regulation, the Trust Center would be the best place to begin your research.

Compliance

Regulatory standards and compliance programs for which Microsoft provides offerings:

Criminal Justice Information Services (CJIS)

What is it?

It is a collection of requirements and standards for local, state, and federal agencies.

Why was Criminal Justice Information Services created?

Criminal Justice Information Services was created to address information and data security for the criminal justice and law enforcement fields.

Health Insurance Portability and Accountability Act (HIPAA)

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a standard created to address information and data security for the health care field.

International Organization of Standards/International Electrotechnical Commission (ISO/IEC)

What is International Organization of Standards/International Electrotechnical Commission?

The ISO/IEC standards include the following enforcements for cloud-stored data: customer data is not used for marketing or advertising purposes, and the data will not be shared unless there is a legally binding order for disclosure.

National Institute of Standards (NIST)

What is NIST?

NIST is an agency of the U.S. Department of Commerce. It encourages technological advancements and provides recommendations for data protection.