Who's Responsible For Your Data Protection?

March 26, 2021

Who's Responsible For Your Data Protection?

These days many businesses and individuals rely on systems such as Microsoft 365, Google Workspaces, and Dropbox for data storage, communication, and many other tasks.

These popular platforms have strong security in place for the most part, but this does not mean they are bulletproof. In the event of a breach through these vendors, your sensitive data could get lost or stolen. But who is responsible for the data loss?

What many don't realize is that in the terms and conditions for these software platforms, there are shared responsibility clauses in place.

For example, in the case of a breach, Microsoft will take the blow for hardware and software failures, natural disasters, and power outages, but they will not be held responsible for human errors, viruses, malware, inside actors, or programmatic errors.

This may come as a shock to many, but companies like Microsoft do not protect their users from data loss in the event of app outages or deprovisioned user accounts. And with 47% of data loss incidents occurring due to end user deletions, these platforms strategically put in place terms and conditions that ensure that they are not liable for any data deletion or loss.

This is why it is crucial to constantly back-up sensitive data and also to avoid putting all of your eggs in the same basket.

The Shared Responsibility Model

The Shared Responsibility Model was created by Microsoft to outline who is responsible for data in different scenarios of data loss.

Software as a Service (SaaS) vendors are only responsible for data protection and data loss some of the time. That means end users are responsible for data security and data loss the rest of the time.


A lot of businesses and individuals will choose the cloud to store their back-ups, however, the cloud, just like any other platform, has the ability of being breached.

Human errors and ransomware attacks are at an all-time high as a result of lack of proper education, weak cybersecurity, poor online security hygiene, and more sophisticated cybercriminals. This is why keeping all of your data stored in one spot can be extremely risky.

Here Are 3 Main Takeaways:

1. Ensure you're doing regular back-ups for all of your systems

2. Diversify where you store your sensitive data so you're not putting all of your eggs in one basket

3. Read the terms and conditions of the software services you use to know exactly what you're responsible for in the event of a data breach

Prevent and protect. Try it for 1-month.