Microsoft: ‘We can hand over Office 365 data without your permission’

June 25, 2011

Microsoft’s words, not mine.

Hidden within a whitepaper, detailing the security features in the upcoming Office 365 suite, it reveals links to the Trust Center; a treasure trove of data protection policies and legalities of how Microsoft will handle your data in its cloud datacenters.

In light of the Patriot Act furore, customers of cloud services are naturally becoming more aware of the limitations to cloud security and privacy; with legalities and powerful acts of law taking precedent.

In short, Microsoft states:
“In a limited number of circumstances, Microsoft may need to disclose data without your prior consent, including as needed to satisfy legal requirements, or to protect the rights or property of Microsoft or others (including the enforcement of agreements or policies governing the use of the service).”

This covers all users and data of Microsoft Online Services, including the current offering of BPOS (Business Productivity Online Suite), currently in migration to Office 365. Current Live@edu users are also affected by this — mostly schools and colleges — which are also upgrading to Office 365.

It goes on:
“Accordingly, if a governmental entity approaches Microsoft Online Services directly for information hosted on behalf of our customers, [Microsoft] will try in the first instance to redirect the entity to the customer to afford it the opportunity to determine how to respond.”
“…and will use commercially reasonable efforts to notify the enterprise customer in advance of any production unless legally prohibited.”

Geographic location of data is crucial to the customer. Microsoft respects this, with only a few exceptions:
“As a general rule, customer data will not be transferred to datacenters outside that region. There are, however, some limited circumstances where customer data might be accessed by Microsoft personnel or subcontractors from outside the specified region (e.g., for technical support, troubleshooting, or in response to a valid legal subpoena)”

Yet, Microsoft makes it clear that they will not inform customers when data leaves the country it is stored in. Under EU rules, if data leaves the European zone, customers must consent to this.

Source Microsoft: ‘We can hand over Office 365 data without your permission’

%d bloggers like this: