In our world of big data, complying with privacy and data use regulations can become a tangled mess.
The rapid spread of privacy and cybersecurity threats has spawned a generation of local, national, and international regulations on how personal data may be stored and transmitted.
Regulations may set out requirements for document retention, email security, data storage location, or other matters. And chats or emails may need to be archived for legal purposes.
Moreover, a particular company may need to comply with more than one regulatory framework. And company policies may exist in addition to regulations created by governments, adding to the complexity.
IT compliance asks the big question: How do you get your entire organization — with all its servers, desktops, mobile devices, networks, software, and other technologies spread around many locations — in compliance with all these regulations?
Recently, Microsoft announced a comprehensive package that:
“combines Office 365 Advanced Compliance and Azure Information Protection. It’s designed to help compliance and IT teams perform ongoing risk assessments across Microsoft Cloud services, automatically protect and govern sensitive data throughout its lifecycle, and efficiently respond to regulatory requests leveraging intelligence.”
Microsoft 365 (Office 365, Windows 10, and Enterprise Mobility + Security) comes compliant out of the box with many frameworks. Office 365 and OneDrive for Business, for instance, are HIPAA compliant for email and cloud storage.
In fact, Office 365 supports IT compliance with the following:
- Federal Information Security Management Act (FISMA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Family Educational Rights and Privacy Act (FERPA)
- European Union Model Clauses
- EU-US Privacy Shield Framework (replaced the Safe Harbor Framework in 2016)
- International Organization for Standardization
- California Consumer Privacy Act (CCPA)
- General Data Protection Regulation (GDPR)
… and many other compliance frameworks.
The California Consumer Privacy Act will apply to all companies doing business in California. Since the CCPA and GDPR are similar in many ways, you can already use Compliance Manager’s GDPR framework to start preparing for the CCPA to take effect in January 2020.
Through the Compliance Manager, you can ensure proper, consistent compliance throughout your organization from a single dashboard.
And a simple graphical interface provides an overview from which you can drill down into the details of all your compliance activities.
The Compliance Manager provides all the controls you need to conduct ongoing risk assessment, protect your data, and respond to requests for data to meet compliance obligations. That includes applying retention labels so that documents cannot be deleted too soon but are deleted automatically when their retention period expires.
You can do this without disrupting normal business operations, and with a minimum of effort and cost.
Also, you can assign and contact individuals directly from the dashboard to take action on specific compliance items. Detailed permissions let you create user roles and delegate access.
In addition, Microsoft 365 incorporates Azure Active Directory, Azure Information Protection, and other Azure cloud services to handle policies and permissions.
Azure: Think Globally, Act Locally
Behind the scenes, Microsoft’s Azure cloud services enable IT compliance at a whole new level.
For example, some data privacy laws require that data be stored locally, i.e. in the same geographical area as the company or consumer.
With cloud data centers at more than 100 facilities in 54 regions in 140 countries, Azure enables local data segmentation without sacrificing global scalability. Compliance policies can be applied where they’re needed. Data is stored where it needs to be, but still can be accessed anywhere.
Think Future, Act Now
Is your company ready for the California Consumer Privacy Act coming in January 2020?