Microsoft's global privacy community helps to ensure that the company's privacy policies, procedures, and technologies are applied within our business units. This community includes a three-tiered group of privacy champs, leads, and managers who work with developers, marketers, lawyers, and business executives to review Microsoft products and services and provide guidance on privacy-related issues.
The Trustworthy Computing Group at Microsoft focuses on creating and delivering secure, private, and reliable computing experiences based on sound business practices. Our goal is a safer, more trusted Internet. The privacy group within Trustworthy Computing manages our privacy governance program, which includes ongoing employee training, identification of emerging privacy issues in the industry, and regular updates to our privacy standards.
Microsoft products and services undergo privacy reviews designed to identify privacy requirements and help product teams follow Microsoft privacy policies and standards.
The privacy review process identifies privacy risks.
Remediation actions are identified and implemented based on review findings.
Prior to release, a final privacy review confirms that all requirements are met.
Compliance and Incident Reporting
Each business group within Microsoft is responsible for ensuring compliance with corporate privacy requirements. Our Trustworthy Computing group provides training, tools, and other resources to help engineering and business groups build effective compliance programs. Examples include:
Privacy 101 training, which provides a general overview of privacy concepts and considerations at Microsoft.
Quality Essentials, a tool that helps teams identify privacy risks (among others) and document specific privacy-impacting behavior in the product or feature.
The Privacy Escalation Response Framework, which helps individuals, engineering, and business groups manage events that could impact privacy across Microsoft products, services, marketing, and business practices.