We live in a world where we produce gigabytes of data every minute. There are more videos created on YouTube each hour than anyone can view, and on Twitter it sometimes seems there should be a pause button on that endless data stream.
For individuals or organizations of a nefarious nature, those data sets have never been more valuable. When we create data, no matter if it's documents, tweets, or status updates, we feel an invasion of privacy when that data gets into the wrong hands.
This desire for privacy not only applies to our personal lives but is also important in our working lives too. Individuals have never been more aware of the risks to their information and companies share the same concerns. Technology - (SharePoint, Office 365) - on the whole, aims to look after our privacy and safeguards us from outside predators that are looking to steal, use or replicate what we regard as private.
But what happens to our Office 365 data ownership and privacy?
Someone stole my document!
Working in an environment like Office 365 (and SharePoint) should be easy in terms of privacy. Every user can create as many documents as he or she wants and can store them on their OneDrive, or at any other location assuming they have the correct permissions to do so.
While creating data, no one needs to feel concerned about the privacy settings that are implemented on it - within Office 365, privacy is seen as a given.
This is part of Microsoft's approach - Privacy by Design - which describes not only how they build products, but also how they operate services and structure their internal governance practices. This comprehensive approach includes all of the people, processes and technologies that help to maintain and enhance privacy protections for their customers.
As part of the development process, multiple reviews are performed before the software is released. These reviews include:
- Verification of the presence of privacy-related features that allow customers to control who can access their data and configure the service to meet the customer's regulatory privacy requirements
- Identify possible privacy risks
- Identity required meditation actions so the engineers can implement them
- In a final review, determine whether all requirements were met
Office 365 contains a set of privacy controls that allow users to configure who in the organization has access and what they can see. One of these controls or solutions is the Rights Management Service that can control the permission of data - for example, preventing an e-mail from being forwarded or preventing the print option for a document. Multiple design elements helps the user by preventing the mingling of your data with other organizations.
In addition to privacy controls to assist users, there is an extensive set of auditing and supervision options to prevent admins from gaining unauthorized access to data.
Who owns our company documents?
When storing your sensitive documents into a datastore like Office 365, you remain the sole owner of the data. You retain the rights, title, and interest in the data you store on a platform like SharePoint, OneDrive or Exchange.
Microsoft’s policy guarantees that they'll not mine your data for advertising purposes or use your data except for purposes consistent with providing the cloud productivity services. One example of this is the fact that your (meta)data can get 'mined' in some way to provide services like Delve. That 'mining' results in a better customer experience for the users and has no commercial purpose.
Within Office 365, data-ownership means that you're the owner of the data; Microsoft is the custodian or the processor of your data. When you choose to leave the service or you want to download a copy of all your data for any reason, you can take your data with you by using one or more of the following options:
- Exchange Online data, including emails, calendar appointments, contacts, and tasks, can be downloaded to a local computer by any end user at any time via the Import and Export wizards.
- SharePoint Online documents can be downloaded at any time from the workspace into your local computer.
- Vanity domain names such as contoso.com can be removed by following the Domain Removal instructions in Office 365 Help.
- To download a copy of end-user metadata (such as email address, first and last name, and other data), you can use PowerShell cmdlets.
Upon expiration or termination of your Office 365 subscription or contract, Microsoft will provide you, by default, additional limited access for 90 days to export your data.
My data is safe!
With the Trust Center, Microsoft provides their users a clear understanding of how the corporation treats customer data.
With their solid Privacy by Design approach, you can be sure that your privacy is ensured at any point in the data creation, storage or consumption process.
With the Rights Management Service for example, you can control what happens with your data.
In addition to the privacy aspect, Microsoft also provide assurances around data-ownership. Fundamentally, you retain ownership of your data at all times and there is no way your data is used for any other commercial service.
With these steps, Microsoft made clear that Office 365 is here for helping users to be more productive in a data consuming world and not for their own profit. The world is rapidly changing and a service like Office 365 needs to adapt to the new standards and needs of customers. So, keep an eye on the Trust Center Blogs to keep up to date of how they’re doing this!