Search Icon White

International Standard for Cloud Privacy to Be the Focus of August 27 ANSI Cities Network Webinar


Microsoft Corporation's Adoption of ISO/IEC 27018 on Agenda

The American National Standards Institute (ANSI) Network on Smart and Sustainable Cities (ANSSC) will host its monthly webinar on August 27 from 11:00 a.m. to 12:30 p.m. EDT on ISO/IEC 27018, Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. The featured speaker will be Laura Lindsay, CSG strategist with Microsoft, who will provide a corporate perspective on use of the standard.

ISO/IEC 27018 establishes a uniform, international approach to protecting PII stored in the cloud. The standard is part of a suite of international information security standards developed by ISO/IEC Joint Technical Committee (JTC ) 1, Information technology, Subcommittee (SC) 27 , IT Security techniques. Strong information security standards are essential for smart cities, which are all about collecting, communicating, and analyzing data. ISO/IEC 27018's contribution to overall information security grows in importance as data is increasingly being stored in the cloud.

In a corporate blog earlier this year, Microsoft announced that it had become the first leading cloud provider to adopt the ISO/IEC 27018 standard. Microsoft notes that its adherence to the standard assures the protection of customer's PII in several ways. First, personal data is only processed pursuant to the customer's instructions. Second, adherence to the standard assures that the company is transparent in how it handles, transfers, and deletes customer data, including letting customers know if there is unauthorized access to personal data or if it is lost, disclosed, or altered. Adherence to the standard also provides safeguards in terms of how personal data is transmitted, stored, recovered, and restored, with employees subject to a confidentiality obligation. Fourth, it ensures that personal data won't be used for advertising purposes without the customer's consent. Finally, following the standard assures that the company will let its customers know if it receives a request from law enforcement for personal data, unless such disclosure is prohibited by law.

Laura Lindsay has been working in the industry on cloud computing, information security, international standards, network operations, and architecture for over 20 years. She is the editor of several standards including ITU-T Recommendation Y.3502|ISO/IEC 17789, Information Technology - Cloud computing - Reference architecture. Ms. Lindsay is a part of Microsoft's corporate standards team, working on standards in the area of cloud computing, information security, and internet of things. Her background in delivering security solutions for customers and the industry as a whole has helped to bring an implementer's view to international standards.

Participation in the August webinar is open to individuals who have joined the ANSSC, a forum for information sharing among members of the standardization community, representatives of local governments, and experts in sustainable urban infrastructure planning and development.

To register for the ANSSC and participate in the webinar, please visit


Jana Zabinski

Senior Director, Communications & Public Relations


[email protected]

Beth Goodbaum

Journalist/Communications Specialist


[email protected]