Practices

Microsoft's global privacy community helps to ensure that the company's privacy policies, procedures, and technologies are applied within our business units. This community includes a three-tiered group of privacy champs, leads, and managers who work with developers, marketers, lawyers, and business executives to review Microsoft products and services and provide guidance on privacy-related issues.

The Trustworthy Computing Group at Microsoft focuses on creating and delivering secure, private, and reliable computing experiences based on sound business practices. Our goal is a safer, more trusted Internet. The privacy group within Trustworthy Computing manages our privacy governance program, which includes ongoing employee training, identification of emerging privacy issues in the industry, and regular updates to our privacy standards.

Microsoft Corporate Privacy Policy and Microsoft Privacy Standard

The Microsoft Corporate Privacy Policy comprises 10 privacy principles (DOC, 164 KB) for the protection and appropriate use of customer information, such as information submitted by customers, data obtained from third parties, and data that is automatically collected. In line with these principles, the Microsoft Privacy Standard (MPS) governs privacy aspects of the development and deployment of Microsoft consumer and enterprise products and services. It informs Microsoft employees and vendors about how to develop products and services with users' privacy in mind so that users are able to better understand and control the collection, storage, retention/destruction, and use of their data.

Privacy Reviews

Microsoft products and services undergo privacy reviews designed to identify privacy requirements and help product teams follow Microsoft privacy policies and standards.

  • The privacy review process identifies privacy risks.

  • Remediation actions are identified and implemented based on review findings.

  • Prior to release, a final privacy review confirms that all requirements are met.

Compliance and Incident Reporting

Each business group within Microsoft is responsible for ensuring compliance with corporate privacy requirements. Our Trustworthy Computing group provides training, tools, and other resources to help engineering and business groups build effective compliance programs. Examples include:

  • Privacy 101 training, which provides a general overview of privacy concepts and considerations at Microsoft.

  • Quality Essentials, a tool that helps teams identify privacy risks (among others) and document specific privacy-impacting behavior in the product or feature.

  • The Privacy Escalation Response Framework, which helps individuals, engineering, and business groups manage events that could impact privacy across Microsoft products, services, marketing, and business practices.