Newsroom HomeBlogsStoriesSoundtrack ProjectNewsroom ArchivesChamber Home Page

International Cloud Privacy Standards - And Why They Matter to You

Public cloud computing services - computing resources (such as networks, storage, applications, and services) purchased from another company (a “cloud services provider”) - offer many potential benefits for businesses, among them economies of scale, lower capital costs, and improved accessibility.

However, cloud computing is not without risk. Various data protection laws require businesses to safeguard and protect the privacy of personal information stored in the cloud. As a result, businesses must assess and address information security and privacy risks before becoming a customer of a cloud services provider and entrusting personal information to that provider.

On August 1, 2014, the International Organization for Standardization (ISO) issued ISO/IEC 27018- a standard for protecting personal information stored in the cloud. To learn more about ISO/IEC 27018 and its personal information protection requirements, click here.

As we wrote previously, ISO 27018 may be a helpful tool for businesses to use in evaluating a cloud service provider’s capabilities to protect personal information stored in the cloud.

On February 16, 2015, Microsoft announced that that it had become the first major cloud provider to adopt ISO/IEC 27018. ISO/IEC 270018 requires Microsoft to take the following steps (among others) to protect the privacy of personal information stored in the Microsoft Cloud:
  • Process personal information only as instructed by the customer;
  • Never process personal information for advertising and marketing purposes without the customer’s express consent;
  • Reject requests for personal information that are not legally binding; consult the customer when legally permissible before making any disclosure of personal information; and accept any requests for disclosures of personal information authorized by a customer;
  • Notify the customer of any request for disclosure of personal information by a law enforcement authority, unless that disclosure is otherwise prohibited;
  • Notify the customer promptly of any unauthorized access to personal information or loss, disclosure or alteration of personal information;
  • Help the customer meet its obligations in the event of a data breach; and
  • Require all individuals with access to personal information to be bound by a confidentiality agreement. 

Privacy protections are increasingly the focus of existing and proposed state and federal laws here in the United States, and mandated by various jurisdictions around the world. As a result, ISO/IEC 27018 may emerge as a commonly utilized standard for cloud service providers to follow in order to protect personal information in the cloud. 

Article by: Adams and Reese Partners Jack Pringle and Jaimmé Collins

Adams and Reese is a multidisciplinary law firm with 300 attorneys and advisors strategically located in 16 offices in 15 markets throughout the southern United States and Washington, D.C. American Lawyer includes Adams and Reese on its distinguished list of the nation's top law firms - "The Am Law 200". The National Law Journal also includes the firm on the "NLJ 350" list of the nation's largest law firms.

Posted: 4/27/2015 7:30:00 AM | with 0 comments
Filed under: adams, and, business, cloud, for, international, microsoft, organization, privacy, reese, small, standard, standardization

Blog post currently doesn't have any comments.
Leave comment Subscribe

Is three > than eight? (true/false)

Your business may be small, but that doesn't mean that your impact can't be huge! The Greater Memphis Chamber's Small Business Council serves to encourage, support, recognize and be a resource to small- and medium-sized businesses in the Memphis area. Here, our talented panel of contributors will present big ideas that could make a huge difference to your small business. And don't be afraid to ask questions ... no matter how small.

Sales & Small Business Ownership
Voss W. Graham is CEO and Senior Business Advisor for InnerActive Consulting Group Inc. He is known by his clients as "a knowledgeable partner who helps our team achieve business growth." He provides practical experience as a small business owner for over 29 years, yet is often engaged with Fortune 500 companies in the development of their people and business strategies.

Public Relations
Several professionals and strategists from the local Obsidian Public Relations firm provide excellent advice on everything from research to media relations to event planning. They believe that all companies, no matter how big or small the company or its budget, should have a public relations plan driving how they manage their relationships with key stakeholders. Public relations is an integral part of doing business the right way.

Human Resources
Joel Myers is a career Human Resources professional, with over 40 years in the field including 26 years in consulting.

Small Business Advice
Tom Pease is a small business owner of an office equipment dealership called e/Doc Systems, Inc. He has also owned a full-line Kawasaki dealership as well as a document shop. He used 30+ years of experience in owning a business to author two books, including: Going Out of Business by Design: Why 70% of Small Businesses Fail and Small Business Survival 101. He also has published 85 columns in The Memphis Daily News as the Small Business Advisor.

Marketing & Public Relations
Lori Turner-Wilson is CEO and Founder of RedRover Company, a sales development, marketing and PR consulting firm. Lori works with companies large and small, from start-ups to mature organizations, to help them improve the productivity of their sales force and the return on their marketing investment. Lori writes a weekly syndicated column for the Daily News, Memphis News, Nashville Ledger, and Desoto Times, among others, titled “Guerrilla Sales & Marketing,” for which she won a 2011 Summit International Award and 2012 International Communicator Award.

Design and Digital Strategy
Founded in 1999, inferno provides brand development, advertising, public relations, design and digital marketing services to clients across a broad spectrum of industries. Headquartered in Memphis with a satellite office in Kalamazoo, Michigan, the award-winning firm produces results-driven work by passionately combining strategic thinking, creativity and culture to ensure the success of its clients. For more information, visit

Labor & Employment Law
Fisher Phillips attorneys are ready to help you take a stand: in court, with employees and unions, or with competitors. Fisher Phillips has the experience and resolve to back you up. That's why some of the savviest employers come to the firm to handle their toughest labor and employment cases. The firm has 350 attorneys in 32 offices, including Memphis. For more information, visit

Since its founding in 2005, Paragon Bank has maintained a solid focus on the community and customer service. For more than 10 years, Paragon has delivered innovative products and financial expertise, convenience, and a deep understanding of what both businesses and individuals need from a ban, in order to provide solutions that make a difference. In the areas of business or personal banking, lending options or wealth management, Paragon delivers cutting edge technology, an experienced team and the most service-oriented staff of any community bank.