We're excited to announce that Dropbox for Business is one of the first major cloud service providers to achieve certification with ISO 27018 — an emerging global standard for privacy and data protection in the cloud. ISO 27018 was published in August 2014 and was designed specifically to address user privacy. The standard lays out many requirements regarding how Dropbox will and won't use your organization's information:
- Your organization is in control of your data. We only use the personal information you give us to provide you the services you signed up for. You can add, modify, or delete data from Dropbox when you need to.
- We'll be transparent about your data. We'll be transparent about where your data resides on our servers. We'll also let you know who our trusted partners are. We'll tell you what happens when you close an account or delete a file. Lastly, we'll tell you if any of these things change.
- Your data is safe and secure. ISO 27018 is designed as an enhancement to ISO 27001, one of the most accepted information security standards in the world. We received ISO 27001 certification in October 2014, and the requirements for security and privacy under ISO 27018 — such as those around encryption and strict employee access controls — go hand in hand.
- You can verify our practices. As part of our adherence to ISO 27018 and ISO 27001, we will undergo annual audits by an independent third party to maintain these certifications. You can view our ISO 27018 certificate here.
We're pleased to be one of the first companies to achieve ISO 27018 certification. Privacy and data protection regulations and norms vary around the world, and we're confident this certification will help our customers meet their global compliance needs.