FAQ : How is Office365 compliant with ________ ?
Fill in the blank!
This is a common question we get, and it can cover many different aspects of compliance: security, privacy, industry standards, data sovereignty, etc. The best way to approach it is to break it down as follows:
1. What exact law or statute are you concerned about compliance with?
2. How are you compliant with that statute today?
3. How will you be compliant when using a cloud service?
In many cases we find 2 & 3 above are the same answer, but generally we find IT folks (and as IT sellers we include ourselves in that!) are not equipped to answer these questions.
The good news is there is a wealth of information and guidance on this topic that has been provided by Microsoft and various official bodies within Canada (see below), so our advice when deciding on this important issue is to be educated on our policies and the guidance from Canadian privacy sources, and make sure to involve your corporate counsel/security/privacy officer(s). In most cases we find there is a policy already in place that can address the questions appropriately, and there is no impediment to using Office365 services.
Further Information from Microsoft
Security Features In Microsoft Online Services
Privacy In the Cloud : A Microsoft Perspective
Securing Microsoft’s Cloud Infrastructure
Further information from Non-Microsoft Canadian external Sources
Federal Privacy Commissioner : Guidelines for Processing Personal Data Across Borders
Treasury Board Secretariat : Taking Privacy into Account Before Making Contracting Decisions
Ontario Privacy Commissioner : Privacy in the Clouds: Privacy and Digital Identity - Implications for the Internet
Ontario Privacy Commissioner : Modeling Cloud Computing Architecture Without Compromising Privacy: A Privacy by Design Approach