As we celebrate Data Privacy Day tomorrow, we at Microsoft are reminded of our commitment to privacy as a basic human right. Julie Brill, our Chief Privacy Officer, has written at length about Microsoft’s support for the various international data privacy regulations and the work we’ve done to extend those rights to all customers, no matter where they live.
Beyond our commitment to compliance with privacy regulations, we’re working to be your trusted partner on this privacy compliance journey. To help you get ahead of rapidly changing regulatory requirements, we’re announcing new privacy-focused assessments as part of the public preview of Microsoft Compliance Score.
Rapidly changing regulations create business challenges
Privacy regulations are critical to how we manage data in today’s world. Gartner has predicted that “by 2022, half of the planet’s population will have its personal information covered under local privacy regulations in line with the General Data Protection Regulation (GDPR), up from one-tenth today.”1 However, keeping up with these rapidly changing regulatory requirements has become one of the biggest challenges companies face today, leaving many compliance and privacy teams in a state of reaction.
Just as companies finished preparing for the General Data Protection Regulation (GDPR), California announced its own privacy regulation—California Consumer Privacy Act (CCPA)—which went into effect on January 1, 2020. Brazil’s own GDPR-like regulation, Lei Geral de Proteção de Dados (LGPD), will start to be enforced August 2020. And we can be sure that even more data privacy regulations are coming around the world.
New assessments to help you make sense of regulations
To help you get ahead of the ever-evolving compliance landscape, we’re excited to announce several new assessments available in the public preview of Microsoft Compliance Score. Leveraging a team of data protection experts using a common control framework of more than 1,000 controls, we built unique insights into Microsoft Compliance Score.
You can use these new assessments in Microsoft Compliance Score to assess your own compliance posture against recent regulations and get guidance to implement more effective controls for:
- ISO/IEC 27701:2019—The International Organization for Standardization published a new standard to provide guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). This standard helps companies reconcile multiple privacy regulatory requirements, outlining a comprehensive set of operational controls that can be mapped to various regulations, including the GDPR. With this new assessment, you can use a universal set of operational controls for consistent and efficient implementation and audits.
- California Consumer Privacy Act (CCPA)—CCPA is the first comprehensive privacy law in the United States. It provides California consumers with a variety of privacy rights. As Julie Brill announced in November 2019, Microsoft extends CCPA’s core rights to all our customers in the U.S. To help you better navigate your CCPA compliance journey, this assessment in Microsoft Compliance Score is designed to help companies subject to CCPA to assess, manage, and audit their CCPA controls.
- Brazil Lei Geral de Proteção de Dados (LGPD)—Brazil passed its own GDPR-like law in 2018, and it’s coming into effect this August. Similar to the GDPR, any company that has customers in Brazil needs to get ready by the deadline. If you’ve already worked on GDPR compliance, then you already have a strong base on which to build. If you haven’t done assessments for any GDPR-style regulation, start today and follow the recommended actions in Microsoft Compliance Score.
- SOC 1 Type 2 and SOC 2 Type 2—The American Institute of Certified Public Accountants (AICPA) developed the Service Organization Controls (SOC) framework, which establishes a standard for safeguarding the confidentiality and privacy of information stored and processed in the cloud. Many companies use SOC 1 and SOC 2 reports to provide their customers and auditors assurance of their internal controls. We released these assessments to help you prepare SOC reports that help build credibility and trust with your customers.
By following these recommendations and implementing these controls, you can take a proactive role in getting ahead of privacy compliance. You can find the public preview of Microsoft Compliance Score in Microsoft 365 compliance center (compliance.microsoft.com), which is now extended to all Microsoft 365 and Office 365 plans. You can also explore our technical documentation to learn how to add these controls onto your dashboard today.
For more information on how to get ready for CCPA, we recommend that you read the e-book, Five tips to help you prepare for the California Consumer Privacy Act (CCPA), and listen to the podcast, Implementing the CCPA, coproduced by Perkins Coie and Microsoft. Also, read Business Solutions for CCPA Compliance, published by Perkins Coie, to help you to better understand CCPA.
Note that today we’re also announcing updates to the Microsoft 365 compliance center to help you to more easily manage your compliance tools in one place. You can learn more on our Compliance Tech Community blog.
1 The state of privacy and personal data regulation, Nader Henein and Bart Willemsen, 15 April, 2019