OneDrive and Office 365 data breach

OneDrive and Office 365 data breach warning from the Dutch Government

Research carried out for the Dutch Government on Microsoft products has revealed that their data collection methods breach EU GDPR data collection regulations.

The research conducted by the firm Privacy Company resulted in a 91 page report of its findings, which included eight high-risk data protection risks with ProPlus subscriptions of Office 2016 and Office 365, as well as the web-based Office 365.

They relate to a telemetry data collection method used by Microsoft which include unlawful storage of sensitive categories of data and metadata and keeping data beyond the time needed.

Microsoft systematically collected data about individuals’ use of Microsoft Office apps such as Word, Excel and PowerPoint without informing people, and did not offer users a choice to turn this off, the report found. This information is routinely sent to the USA.

The Dutch Government has negotiated a plan with Microsoft to improve its compliance but has warned that if there is insufficient progress it may contact the EU Data Protection Authority to investigate and if necessary, use enforcement action. Fines can be imposed that could be as much as £20 million, or 4% of the company’s global annual turnover.

The Privacy Company has also outlined several measures IT administrators can take to lower the risks of privacy breaches, such as centrally blocking the use of Connected Services, not using OneDrive, and not using the web-only version of Office 365.

More information can be found here

Christmas giveaway! We are giving a Cadbury’s Selection tray to every customer who purchases a laptop or has a repair from December 1 to December 24.