Microsoft boosts Office 365 regulatory compliance

Microsoft will make new contractual commitments for regulations in the U.S. and Europe

Microsoft has taken steps to make Office 365 more attractive to U.S. and European customers who have to comply with regulatory requirements related to data protection, the company is expected to announce Wednesday.

The new safeguards come primarily in the form of contractual commitments and new software features. Microsoft hopes the moves will lessen potential concerns about using its cloud-based applications, which are hosted in Microsoft data centers where customers' data is also stored.

When selling Office 365 in Europe, Microsoft will now sign contractual "model clauses" developed by the European Union, which establish safeguards and procedures for protecting data when it is transferred outside the E.U.

In European countries with additional requirements, Microsoft will include what it called a "data processing agreement" that goes beyond the E.U.'s Data Protection Directive rules.

In the U.S., for contracts with health-care companies that have to comply with the Health Insurance Portability and Accountability Act (HIPAA), Microsoft will include Business Associate Agreement (BAA) contract provisions drafted by the U.S. Department of Health that address legal requirements around patient data privacy and protection.

"We want to help customers move with confidence and security to the cloud and be compliant with obligations to HIPAA and E.U. data protection rules," said Stephen McGibbons, Microsoft CTO for the EMEA (Europe, Middle East and Africa) region.

Microsoft is also re-launching the Office 365 Trust Center, a website with information about the product's privacy and security practices that has been redesigned to make it easier to use.

Although businesses are becoming more comfortable with cloud-hosted software, companies in heavily regulated industries such as health care and finance tend to be more apprehensive, as they have to be careful not to run afoul of data-protection regulations.

"We want to make sure that customers using our cloud services can demonstrate that they're complying with their regulation responsibilities, and we also want to make it easier for customers to move to the cloud quickly," McGibbons said.

Juan Carlos Perez covers search, social media, online advertising, e-commerce, web application development, enterprise cloud collaboration suites and general technology breaking news for The IDG News Service. Follow Juan on Twitter at @JuanCPerezIDG.
