A woman standing at a desk in an office, logging in to her laptop.

The My Number Act (Japanese and English) was enacted in 2013, and took effect in January 2016. It assigns a unique number—My Number is also called the Social Benefits and Tax Number—to every resident of Japan, whether Japanese or foreign. The Personal Information Protection Commission has issued guidelines and Q&A (in Japanese) to ensure that companies properly handle and adequately protect My Number data as required by law.

While the responsibility and ownership of personal data is with our customers, per the Online Services Terms, Microsoft contractually commits that Azure, Dynamics 365, Intune, and Office 365 in-scope cloud services have implemented technical and organizational security safeguards to help our customers protect individuals’ privacy. These safeguards are based on established industry standards, such as ISO and Service Organization Controls (SOC).

Furthermore, Microsoft does not have standing access to My Number data stored in these in-scope cloud services, so companies do not need to supervise handling of data by Microsoft (as outlined in Q3-12). Nonetheless, companies are required to take appropriate safety measures to protect My Number data stored in the cloud (Q3-13).

In accordance with the Argentine National Constitution, the Argentina Personal Data Protection Act 25,326 aims to protect personal information recorded in data files, registers, banks, and elsewhere to help protect the privacy of individuals, and also provide a right of access to the information that may be recorded about them. In a data transfer agreement, we contractually commit that Azure, Dynamics 365, Intune, and Office 365 in-scope services have implemented the applicable technical and organizational security measures stated in Regulation 11/2006 of the Argentine Data Protection Authority. Moreover, we make important commitments regarding notifications, auditing of our facilities, and use of subcontractors.


Canadian privacy laws—such as the Privacy Act, Personal Information Protection and Electronic Documents Act (PIPEDA), Alberta Personal Information Protection Act (PIPA), and British Columbia Freedom of Information and Protection of Privacy Act (BC FIPPA)—aim to protect the privacy of individuals, and give them the right to access information gathered about them. The laws require organizations to take reasonable steps to safeguard information in their custody or control, and cover personal information that is held and processed by governments and private organizations in data files, registers, and elsewhere.

Ultimately, the responsibility and ownership of personal data lies with our business customers, per the Online Services Terms. However, Microsoft contractually commits that Azure and Intune in-scope services have implemented security safeguards to help them protect the privacy of individuals, based on established industry standards such as ISO/IEC 27001 and the SOC framework. We have assessed our practices in risk, security, and incident management; access control; data integrity protection; and other areas relative to the recommendations from the Office of the Privacy Commissioner of Canada, and have determined that the in-scope services are capable of meeting those recommendations.

Our primary privacy principles

Graphic icon of three slider switches to represent control


We will put you in control of your privacy with easy-to-use tools and clear choices.

Graphic icon of an eye that is wide open.


We will be transparent about data collection and use so you can make informed decisions.

Graphic icon of a shield with an exclamation point in the middle


We protect your data with strong security and encryption. To learn more, visit Microsoft Security.

Graphic icon representing a document box with a shield on the front

Strong legal protections

We will respect your local privacy laws and fight for legal protection of your privacy as a right.

Graphic icon of a person centered between four corners to represent a target

No content-based targeting

We will not use your email, chat, files, or other personal content to target ads to you.

Graphic icon of a line graph with an arrow representing an upward trend

Benefit to you

When we do collect data, we will use it to benefit you and to make your experiences better.

How Microsoft manages data

You own your data

Customer data is only used to provide agreed upon services and if you leave the data is removed.

Where your data is located

Need to maintain data in a specific location, such as the EU? Rely on our network of datacenters.

Who has access to data

Access your own data at any time for any reason knowing it’s protected from inappropriate access.

Government requests

See the report we publish twice a year on the number of legal demands we receive for customer data.

Our approach to reporting

Make informed choices about our products and services, and evaluate our CSR commitments.

Protecting your privacy

Read how Microsoft won a court case to protect email from search warrants.

We offer a policy roadmap—a set of 78 recommendations in 15 policy categories—as the foundation for a regulatory environment that leads to a trusted, responsible, and inclusive cloud.

The new CLOUD Act creates a modern legal framework for how law enforcement agencies can access data across borders.



Please enter your comment!
Please enter your name here

Comment moderation is enabled. Your comment may take some time to appear.