Our Procurement Process

Privacy Statement Publishing Options

Updated: August 2013

When it comes time to publish your privacy statement for vendor-hosted sites, you have the following two options:
  1. You can publish it directly on your own servers.
  2. You can use the Microsoft Privacy Statement Publishing Tool (PrivPub) to update and publish the statement.

Option 1: Publish the Statement Yourself

If you want to publish the statement yourself, you will need to first customize the statement according to the directions.After you have completed customization, you are ready to publish the statement by using your usual web-publishing method. You will be responsible for staging the content and hosting it on your servers.

  • You are familiar with your publishing process, so no time is lost to learning a new tool.
  • You control all timing elements.
  • There are no localized versions of the template available in the toolkit. Therefore option 1 is not recommended if the privacy statement needs to be localized into other languages.
  • You miss out on saving overhead (such as hosting costs and technical problems) when PrivPub does the work to output your statement to a Microsoft.com URL.
  • Customers miss out on the layered, modern design of the PrivPub privacy statements. For examples of the design style, see the Bing and Xbox statements

Option 2: Publish the Statement Through PrivPub

You also have the option to use PrivPub, the Privacy Statement Publishing Tool, to create your privacy statement. PrivPub is a free, web-based tool that allows you to efficiently create and publish statements that share a design style with the Microsoft.com, Bing, and Xbox sites. The tool is free to use and publishes to a platform owned by Microsoft.com. If you choose this option, you’ll start by filling out an onboarding form. After you submit the form, you’ll receive instructions for next steps, including how to customize the privacy statement. Pros
  • PrivPub offers pre-localized versions of the privacy statement in several languages, so only the customized sections of the privacy statement (for example, how customers can access their information) need to be localized. Therefore option 2 is recommended if the privacy statement needs to be localized into other languages.
  • PrivPub provides a layered privacy statement that reflects the Microsoft modern design ethos.
  • You own the content, but Microsoft handles the technical details of publishing and maintaining the pages.
  • With PrivPub’s modular system, you can share modules across separate statements. This is especially useful if you need to publish multiple statements over time.
  • You must have corpnet access to use PrivPub.
  • PrivPub is easy to use but, like any new tool, will require some time to learn. The 30-minute live training is usually sufficient to instruct new users.
  • Microsoft controls two of the timing points: onboarding to the tool and moving the statement from the staging server to the live server. The service level agreement (SLA) for each task is two days, although both tasks are typically accomplished in one day. Using PrivPub is simple—one new user said that she staged her statement in only 15 minutes. However, if you need your statement online within 24 hours, self-publishing might be the better choice.