Microsoft Boosts Office 365 Security To Meet European Data Protection Requirements


Microsoft has improved the security and privacy capabilities of its Office 365 cloud applications, the company said Wednesday, in a move that will help customers comply with stringent European Union data protection regulations and the U.S. Health Insurance Portability and Accountability Act (HIPAA).

Microsoft, like rivals Google, Amazon and others, is racing to bring its cloud software into compliance with government security regulations. Earlier this year Microsoft and Google became embroiled in a dispute over whose cloud software complied with Federal Information Security Management Act (FISMA) requirements.

Meeting such requirements can be critical for winning government contracts, such as the $60 million deal to provide the U.S. Department of the Interior with e-mail and collaboration cloud software that Google and Microsoft spent much of the year fighting over in court.

Microsoft also said it has overhauled its Office 365 Trust Center, a Web site that provides detailed information about Office 365 privacy and security practices, to make it easier to use.

Microsoft said it would sign the European Union's contractual clauses, which the vendor said would help customers comply with the EU's stringent Data Protection Directive regulations. The contractual or "model clauses" legitimize the transfer of personal data through international networks to locations outside the European Economic Area (EEA).

The clauses, built into service agreements with data processors, assures customers than appropriate steps have been taken to safeguard personal data stored in cloud service centers outside of the EEA.

Microsoft said it also is including a data processing agreement for European customers to help them comply with even stricter data protection requirements set by individual European countries. Microsoft said that step goes beyond protection guarantees provided by other cloud service vendors.

"Developing cloud-based productivity tools that meet the needs of European businesses means more than simply building apps in a browser," said Jean-Philippe Courtois, president, Microsoft International, in a statement. "Microsoft has a more complete approach to European data protection and security laws than any other company."

Microsoft also said it has embedded privacy and security capabilities in Office 365 to provide physical, administrative and technical safeguards that comply with HIPAA.