周旺墩: Personal Data Management and Information Security (Internal Control Concepts and Principles)

The Personal Data Protection Act formally took effect in October 2012. Do you understand the relevant regulations? When a non-profit organization collects and uses the personal data of sponsors or internal staff, what needs particular attention and protection? Effective personal data and information security management does not depend on the quality of information technology or data equipment; it is determined by the organization's culture, and correct concepts among managers help build that culture. The Personal Data Protection Act is only the baseline for personal data protection. We will take this opportunity to share how Microsoft promotes personal data protection concepts from the inside out across its global subsidiaries, and extends them to Microsoft's partners and suppliers, to ensure that customer data is protected.

Transcript of 周旺墩: Personal Data Management and Information Security (Internal Control Concepts and Principles)

Slides 1/3 to 3/3 (dated 2012-09-26; body text not recovered). Slide 2/3, on de-identification, names three techniques with examples: masking ("Sunrise" becomes "******"), scrambling ("E123456789" becomes "E125436789") and hiding. [Classification: Confidential]
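The three de-identification techniques on the slide, masking, scrambling and hiding, as an added Python example that is not part of the presentation. The field names, the key and the sample record are constructed, and the scrambling is implemented as an HMAC-seeded digit permutation, which is one way to realise the technique, not the method the slide describes.

```python
"""De-identification of a personal-data record: masking, scrambling, hiding.

Added example; it is not code from the presentation. The three operations
match the techniques named on the slide, while the field names, the key and
the sample record are constructed for this illustration.
"""
import hashlib
import hmac
import random
from typing import Iterable


def mask(value: str, keep_prefix: int = 0, fill: str = "*") -> str:
    """Masking: replace each character with a fill character.

    The length is kept but the content is removed entirely; with
    keep_prefix > 0 the leading characters survive (e.g. an initial).
    """
    if keep_prefix < 0:
        raise ValueError("keep_prefix must be non-negative")
    return value[:keep_prefix] + fill * max(0, len(value) - keep_prefix)


def scramble(identifier: str, key: bytes) -> str:
    """Scrambling: permute the digits of an identifier, keeping its format.

    The non-digit prefix (the letter in "E123456789") is kept and the digit
    positions are shuffled by a PRNG seeded from an HMAC of the value.
    Seeding from the HMAC rather than the value itself ties the permutation
    to a secret: the same input maps to the same output under one key, so the
    result can still serve as a join key, but a reader of the output cannot
    replay the shuffle without the key.
    Caveat: scrambling preserves the multiset of digits, so it is weaker than
    masking or hiding and suits test data rather than external disclosure.
    """
    prefix_len = 0
    while prefix_len < len(identifier) and not identifier[prefix_len].isdigit():
        prefix_len += 1
    prefix, digits = identifier[:prefix_len], identifier[prefix_len:]
    if not digits.isdigit():
        raise ValueError("identifier must be a non-digit prefix followed by digits")
    seed = int.from_bytes(
        hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).digest(), "big"
    )
    order = list(range(len(digits)))
    random.Random(seed).shuffle(order)
    scrambled = "".join(digits[i] for i in order)
    if scrambled == digits and len(digits) > 1:
        scrambled = scrambled[1:] + scrambled[0]  # avoid the identity permutation
    return prefix + scrambled


def hide(record: dict, fields: Iterable[str]) -> dict:
    """Hiding: drop fields that the receiving purpose does not need at all."""
    drop = set(fields)
    return {k: v for k, v in record.items() if k not in drop}


# Constructed sample record; every value is fictitious.
SAMPLE_RECORD = {
    "name": "Sunrise",
    "id_number": "E123456789",          # same format as the slide's example
    "phone": "0912-000-000",
    "address": "No. 1, Example Road, Taipei",
    "donation_total": 3000,
}


def deidentify(record: dict, key: bytes) -> dict:
    """Apply the three techniques before a record leaves the team that collected it:
    mask the name, scramble the identifier so it can still act as a join key,
    and hide the contact details. The input record is not modified."""
    out = hide(record, ["phone", "address"])
    out["name"] = mask(out["name"])
    out["id_number"] = scramble(out["id_number"], key)
    return out


if __name__ == "__main__":
    print(deidentify(SAMPLE_RECORD, b"constructed-demo-key"))
```

The choice between the three operations follows the downstream purpose: hide what is not needed at all, mask what must keep its shape but not its content, and scramble only where a format-valid, consistent value is required, for example in a test environment.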

Privacy and Security

Protecting personal information from unauthorized access and use is one of the most critical issues Microsoft faces. Given the potential damage to customer trust, every employee must recognize their role in ensuring that personal data is kept both private AND secure, which aren't necessarily the same thing. (Refer to the detailed graphic on the slide for more information on overlapping subjects.)

A secure system may still fail to protect user privacy. Some issues fall entirely within the scope of Security; other issues are centered within Privacy. Areas of overlap can create security/privacy challenges.

Once you have disclosed how data will be used, you need to ensure controls are in place so that it can only be used for legitimate purposes.

MBI - Microsoft internal use only

As covered in Privacy 101: Privacy is about being transparent with customers, giving them a choice, protecting the data we have collected, and using data only for the purposes we've disclosed and that the customer has agreed to.
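The control these notes call for, using data only for purposes that were disclosed and agreed to, as an added Python example (not part of the presentation): each record carries the purposes from its privacy notice, every read must name one of them, withdrawal of a purpose revokes later access for it, and every decision is logged. The purposes, requester names and sample donor data are constructed.

```python
"""Purpose-limited access to collected personal data.

Added example, not from the presentation. A record carries the purposes that
were disclosed in the notice and accepted by the customer; every read must
name a purpose on that list. Purposes, requesters and sample data are
constructed for this illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


class PurposeViolation(PermissionError):
    """Raised when data is requested for a purpose the customer did not agree to."""


@dataclass
class ConsentedRecord:
    subject_id: str
    data: Dict[str, str]
    purposes: Set[str]                          # disclosed in the notice and agreed to
    audit: List[str] = field(default_factory=list)

    def read(self, requester: str, purpose: str) -> Dict[str, str]:
        """Return a copy of the data only if `purpose` was disclosed and agreed to.
        Both allow and deny decisions are appended to the audit trail."""
        if purpose not in self.purposes:
            self.audit.append(f"DENY  {requester} purpose={purpose}")
            raise PurposeViolation(
                f"{purpose!r} is not among the agreed purposes {sorted(self.purposes)}"
            )
        self.audit.append(f"ALLOW {requester} purpose={purpose}")
        return dict(self.data)

    def withdraw(self, purpose: str) -> None:
        """Customer choice: withdrawing a purpose revokes later access for it."""
        self.purposes.discard(purpose)
        self.audit.append(f"WITHDRAW purpose={purpose}")


def make_sample_record() -> ConsentedRecord:
    """Constructed donor record collected under a notice naming two purposes."""
    return ConsentedRecord(
        subject_id="donor-0001",
        data={"email": "donor@example.org", "amount": "3000"},
        purposes={"donation-receipt", "annual-report"},
    )


def demo() -> Dict[str, object]:
    """Run the allowed, denied and post-withdrawal cases and return the outcomes."""
    donor = make_sample_record()
    outcome: Dict[str, object] = {}
    outcome["receipt"] = donor.read("finance", "donation-receipt")
    try:
        donor.read("marketing", "newsletter")       # never disclosed: must be denied
        outcome["newsletter"] = "allowed"
    except PurposeViolation:
        outcome["newsletter"] = "denied"
    donor.withdraw("annual-report")
    try:
        donor.read("comms", "annual-report")        # withdrawn: must be denied now
        outcome["annual_report_after_withdrawal"] = "allowed"
    except PurposeViolation:
        outcome["annual_report_after_withdrawal"] = "denied"
    outcome["audit"] = list(donor.audit)
    return outcome


if __name__ == "__main__":
    for line in demo()["audit"]:
        print(line)
```

The audit trail is what makes the control reviewable: a denied request for an undisclosed purpose is the signal that a team is trying to use data outside the notice, and it should be surfaced rather than silently dropped.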


Collection: We collect personal information from individuals only for the purposes identified in the privacy notice we provided and only to provide the product or service the individual has requested or authorized.

Data Minimization: Only collect data that is necessary to fulfill the task. If you don't need it, don't collect it.

Privacy Statement: http://www.microsoft.com/privacystatement/zh-tw/core/default.aspx

[Slide text not recovered; surviving fragments: 2009, 7, ITRC, 4000, 10%]

Instructor Note: This slide contains animations. The first text box (Must) will display with the slide.

1. Click once to display the countries in which these rules apply.Note: These rules only apply to the U.S. (under 13), South Korea and Spain (under 14), where they are legal requirements.

2. Click once to display the text box indicating how age should be collected, and the need for using session cookies.

COPPA is a law that covers the collection of children's information online. This applies to websites and online services (including those provided through software products) if the child's PII is sent over the Internet.

See http://www.ftc.gov/privacy/coppafaqs.htm FAQ #33.

NOTE: The largest FTC fines are the result of COPPA violations.

Windows 8 Family Safety

Microsoft Governance Framework

To give you a very high level look at the Privacy for development ecosystem:

At the very highest level is the Corporate Privacy Group's Microsoft Privacy Policy. We then build on the policy by creating specific guidance for product development in the Privacy Standards, such as the Microsoft Privacy Standard for Development (MPSD). The SDL provides the process for implementing the rules in the MPSD, and this points you to the tools and additional resources that exist to help with implementation. For guidance along the way, the Microsoft Privacy Cabinet is responsible for overseeing MPSD updates and improvements, the Privacy Managers in each division enforce the process and complete high-privacy-impact privacy reviews, while the leads and champs in each feature group are the front line on the ground.

There is also a Privacy Management Committee (PMC) that oversees the adoption of new versions of policies and standards.

Governance framework diagram (layout not recovered). Labels on the slide: Privacy Policy (Microsoft Corporate Privacy Policy); Privacy Standards (Microsoft Privacy Standard for Development (MPS), MPS Public); Processes (Security Development Lifecycle); Tools / Additional Resources (remaining labels: Privacy Bug Bar, Escalation Path, Privacy Forms, KB Articles, FAQs, TwC Privacy); roles (Privacy Champs, Privacy Leads, Privacy Managers).