Microsoft releases NZ privacy guide for Office 365

  • Article

New Zealand organisations are quickly deploying cloud computing. Low prices and convenience are appealing, but there are also important questions to ask around privacy, security, and data integrity.

Waldo Kuipers, Corporate Affairs Manager at Microsoft NZ, says “Organisations know that trust matters. They need to keep business information secure, and do the right thing on privacy. But people often tell us they’re unsure what to ask.”

In February, the Office of the Privacy Commissioner published a plain English cloud computing guide. That guidance is available at https://privacy.org.nz/using-the-cloud/.

“Headlines about information leaks have raised awareness, and Kiwi organisations are taking privacy seriously. They want their move to the cloud to improve privacy and security, so they’re asking us to take them through this cloud guidance,” says Waldo.

Today, Microsoft NZ has released a standard response to help organisations assess the Office 365 cloud service, based on the cloud guidance from the Office of the Privacy Commissioner. “It’s a very straightforward way for people to work through this official cloud privacy guidance if they’re considering Office 365,” explains Waldo.

Andrew Hunt, CEO of technology support company Kinetics Group, says, “Electronic records are critical. I ask people, ‘How well are you taking care of your data?’ Too often we’re asked to come in after data has been lost. It’s so much better to prevent issues in the first place.”

Privacy Awareness Week 2013 is next week, from 28 April to 4 May. “It’s like checking the batteries on your smoke alarm or your car’s warrant of fitness, you need to check periodically that everything is in order,” says Andrew.

The Office of the Privacy Commissioner's guidance says, “Think of what risks you currently have with handling personal information. Will using the cloud increase or decrease those risks?” Andrew agrees, “The guidance from the Privacy Commissioner is a valuable checklist to use with current and future providers. If you choose carefully, cloud services can definitely be a step up.” 

With Office 365, Microsoft makes a contractual commitment to use customer data only to provide the Office 365 service to customers of the service. “We think this use limitation is important because customer data could include sensitive or personal information about your staff, clients, patients, customers, or students,” says Waldo. “Microsoft’s policy is not to use Office 365 customer data for other purposes, such as profiling people for advertising or improving advertising services.”

A recent upgrade to Office 365 added new security features, including the option to deploy data loss prevention rules that can help prevent sensitive information from being leaked by email. Upgrades to Office 365 are automatically available to customers, so they can have the latest technology at their fingertips.

“Privacy and security have been a big focus for Office 365 from the outset. We hope Office 365 will play a part in helping many New Zealand organisations improve privacy, security, and service continuity disciplines in a cost effective way,” says Waldo.

The standard response for Office 365 is available at: https://aka.ms/NZprivacyOffice365 or below (PDF, 489KB).

Standard Response to OPC Cloud Computing Checklist for Office 365 - 24 April 2013.pdf