About Microsoft and Privacy
At Microsoft, we recognize that ensuring privacy is critical to a trustworthy computing experience. Our customers have high expectations about how we collect, use, and store their personal information.
With this in mind, we create our policies and processes to ensure that we:
Incorporate privacy into our products during the product’s development.
Implement privacy-based technology throughout our internal processes.
Ensure that our global privacy policies are correctly implemented throughout the company.
Provide leadership for the industry.
Learn more about Microsoft’s commitment to online privacy. We also provide guidance to organizations about the best way to govern and protect the information they collect by using a combination of policy, people, processes, and technology.
You can download the guidance in a white paper, which includes a detailed technology-based framework that organizations can adopt to help protect information.
The framework includes:
Secure infrastructure. Systems, networks, and storage require robust protections against data breaches with appropriate security technology, policies, and practices. Organizations need to ensure that this foundation layer of information technology, upon which business solutions are implemented, is managed appropriately.
Identity and access control. Technology and policies that restrict access to information to authenticated and authorized users, as well as provide management controls, are an essential line of defense against inappropriate access to personal information. Organizations should deploy and use identity and access controls.
Information protection. Information can be stored in structured or unstructured forms, and can flow from one to the other. To prevent data theft, organizations should employ technology and policies that protect information, by means of encryption, regardless of where that information is stored.
Auditing and reporting. Organizations should implement technology and policies to verify the security and privacy of information systems and data.
Check audit trails regularly, to ensure that access to and use of personal information is for legitimate purposes only, and is consistent with the organization’s governance and privacy policies.
Technology should play an integral role in implementing data governance principles through use of a framework with which organizations can protect and manage personal information, mitigate risk, achieve compliance, and promote trust and accountability.
Combined with the right policies, people, and processes, technology can help lay a strong foundation for a successful data governance strategy.
Managing and protecting sensitive personal information is not only the right thing to do for consumers; it’s also a smart business practice.