The diagnostics Microsoft Office collects from users should be a source of concern for any government CISO, according to a DPIA audit.
A report commissioned by the Dutch government has recommended disabling any settings in Microsoft Office 2016 that sends data to Microsoft servers.
Dutch government users have also been advised to consider alternatives to Microsoft Office.
A Data Protection Impact Assessment (DPIA) conducted by Privacy Company for the Dutch Ministry of Security and Justice has found that Microsoft has been collecting vast amounts of personal data.
“Microsoft systematically collects data on a large scale about the individual use of Word, Excel, PowerPoint and Outlook.
“Covertly, without informing people, Microsoft does not offer any choice with regard to the amount of data, or possibility to switch off the collection, or ability to see what data are collected, because the data stream is encoded,” Privacy Company wrote in a blog post covering its findings.
While Microsoft is considered a data processor, the report warned that the way it collects data from users for diagnostics means it should be classified as a joint controller as defined in article 26 of the GDPR.
[
link to www.computerweekly.com (secure)]
Anything Microsoft is one big spying tool.