As we celebrate Data Privacy Day tomorrow, Microsoft reaffirms its commitment to privacy as a basic human right. Julie Brill, our privacy director, has written extensively about Microsoft's support for the various international data privacy regulations and the work we have done to extend those rights to all customers, no matter where they live.
Beyond our commitment to compliance with privacy standards, we are working to be your trusted partner on your privacy compliance journey. To help you get ahead of rapidly changing regulatory requirements, we are announcing new privacy-focused assessments as part of the Microsoft Compliance Score public preview.
Rapidly changing regulations create business challenges
Privacy regulations are fundamental to the way we manage data in today's world. Gartner has predicted that "by 2022, half the population of the planet will have their personal information covered by local privacy regulations in line with the General Data Protection Regulation (GDPR), compared to one tenth of today."1 However, keeping up with these rapidly changing regulatory requirements has become one of the biggest challenges facing companies today, leaving many compliance and privacy teams in a reactive state.
Just as companies finished preparing for the General Data Protection Regulation (GDPR), California announced its own privacy regulation, the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020. Brazil's own GDPR-like regulation, the Lei Geral de Proteção de Dados (LGPD), will begin to apply in August 2020. And we can be sure that even more data privacy regulations will follow worldwide.
New assessments to help make sense of regulations
To help you get ahead as the compliance landscape evolves, we are pleased to announce several new assessments available in the Microsoft Compliance Score public preview. Drawing on a team of data protection experts who use a common control framework of more than 1,000 controls, we build the unique insights that Microsoft Compliance Score provides.
You can use these new assessments in Microsoft Compliance Score to evaluate your own compliance posture with respect to recent regulations and obtain guidance for implementing more effective controls for:
- ISO/IEC 27701:2019 —The International Organization for Standardization published a new standard that provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS). This standard helps companies reconcile multiple regulatory privacy requirements by outlining a comprehensive set of operational controls that can be mapped to various regulations, including the GDPR. With this new assessment, you can use a universal set of operational controls for consistent and efficient implementation and audits.
- California Consumer Privacy Act (CCPA) —CCPA is the first comprehensive privacy law in the United States. It provides California consumers with a variety of privacy rights. As Julie Brill announced in November 2019, Microsoft is extending the core rights of the CCPA to all our customers in the United States. To help you navigate your CCPA compliance journey, this Microsoft Compliance Score assessment is designed to help companies subject to the CCPA evaluate, manage and audit their CCPA controls.
- Brazil Lei Geral de Proteção de Dados (LGPD) —Brazil passed its own GDPR-like law in 2018, and it takes effect in August. As with the GDPR, any company that has customers in Brazil must prepare for the deadline. If you have already worked on GDPR compliance, you already have a solid foundation to build on. If you have not yet performed assessments for any GDPR-style regulation, start today and follow the recommended actions in Microsoft Compliance Score.
- SOC 1 Type 2 and SOC 2 Type 2 —The American Institute of Certified Public Accountants (AICPA) developed the Service Organization Controls (SOC) framework, which sets a standard for safeguarding the confidentiality and privacy of information stored and processed in the cloud. Many companies use SOC 1 and SOC 2 reports to give their customers and auditors assurance about their internal controls. We are launching these assessments to help you prepare SOC reports that build credibility and trust with your customers.
By following these recommendations and implementing these controls, you can take a proactive role in privacy compliance. You can find the public preview of Microsoft Compliance Score in the Microsoft 365 Compliance Center (compliance.microsoft.com), which now extends to all Microsoft 365 and Office 365 plans. You can also explore our technical documentation to learn how to add these controls to your dashboard today.
For more information on how to prepare for CCPA, we recommend that you read the e-book, Five Tips to Help You Prepare for the California Consumer Privacy Act (CCPA) and listen to the podcast, Implementing the CCPA, co-produced by Perkins Coie and Microsoft. Also, read Business Solutions for CCPA Compliance, published by Perkins Coie, to help you better understand CCPA.
Note that today we are also announcing updates to the Microsoft 365 Compliance Center to help you manage your compliance tools more easily in one place. You can find more information on our Compliance Tech Community blog.
1. The State of Privacy and Regulation of Personal Data, Nader Henein and Bart Willemsen, Gartner, April 15, 2019