By Brendon Lynch, Chief Privacy Officer, Microsoft

Microsoft understands that a customer’s willingness to use a particular cloud computing service depends on their ability to trust that the privacy of their information will be protected, and that their data will only be used in a manner consistent with customer expectations. But even the best designed and implemented services can only protect customer data if they are deployed in a secured environment.

That’s why Microsoft has developed processes and protocols for both physical and digital environments that help keep customer data in our cloud services safe and compliant with regulations.  These processes include:

Access Controls
Microsoft restricts physical access to data center facilities 24x7 and limits access to data, based on business needs. For example, by logically separating data belonging to different cloud tenants, we make sure each customer accesses only their own data.

Monitoring
We continuously monitor all production service environments for privacy and security related threats. When a privacy threat is detected, a cross-discipline team of engineers, privacy experts, forensics specialists, legal and communications staff ensure the incident is resolved in a timely manner.

Transparency
Microsoft will only hand over customer data to a third party in response to a specific lawful demand from a government or law enforcement agency. If we are compelled to disclose customer data, we will promptly notify that customer and provide a copy of the demand, unless legally prohibited from doing so. We understand the need to earn customer trust by being as transparent as possible about the people, policies, and processes we have in place to protect privacy.

Geo-Location
Data geo-location is an important consideration for some customers. Each Microsoft cloud service has its own geo-location policies for customer data, enabling customers to know the regions in which their data will be located.

Built-In Compliance
Windows Azure, Office 365, Windows Intune, and Dynamics CRM Online not only comply with the major global data privacy standards, but help our customers comply with those standards as well.

I’ll be back next week with the final post in this three-part blog series. In the meantime, you can read more about how Microsoft helps to ensure the privacy and security of customer data in the cloud, in our recent white paper, Protecting Data and Privacy in the Cloud.