PowerPoint Presentation
2.3 ()15+15 30+30 11 ()/1436782891110 1213131127/// ()17564.5.
() 6.
(1/3)7
2012-09-26 (2/3)8
=> (De-Identification)Sunrise ****** (Masking)
(Scrambling)E123456789 E125436789(Hiding) Confidential
2012-09-26 (3/3)9 (//)2012-09-26
(Privacy)(Security)
11
11Protecting personal information from unauthorized access and
use is one of the most critical issues Microsoft faces. Given the
potential damage to customer trust, every employee must recognize
their role in ensuring that personal data is kept both private AND
secure which arent necessarily the same thing. (Refer to the
detailed graphic on the slide for more information on overlapping
subjects.)
A secure system may still fail to protect user privacy. Some
issues fall entirely within the scope of Security; other issues are
centered within Privacy. Areas of overlap can create
security/privacy challenges.
Once you have disclosed how data will be used, you need to
ensure controls are in place so that it can only be used for
legitimate purposes.
MBI - Microsoft internal use only, : , , , , , , ,
12As covered in Privacy 101: Privacy is about being transparent
with customers, giving them a choice, protecting the data we have
collected, and using data only for the purposes weve disclosed and
that the customer has agreed to.12MBI - Microsoft internal use
onlyPrivacy 101
: , , ,
,
: , ,
,
: , , , ,
: , , , , , (, , )
14, , : IP : , ,
15CollectionWe collect personal information from individuals
only for the purposes identified in the privacy notice we provided
and only to provide the product or service the individual has
requested or authorized.
Data MinimizationOnly collect data that is necessary to fulfill
the task. If you dont need it, dont collect it.
15MBI - Microsoft internal use only(Privacy Statement)
16http://www.microsoft.com/privacystatement/zh-tw/core/default.aspx
16MBI - Microsoft internal use only
20097ITRC400010%18
:
,
(: cookie), 18Instructor Note: This slide contains animations.
The first text box (Must) will display with the slide.
1. Click once to display the countries in which these rules
apply.Note: These rules only apply to the U.S. (under 13), South
Korea and Spain (under 14), where they are legal requirements.
2. Click once to display the text box indicating how age should
be collected, and the need for using session cookies.
COPPA is a law that covers the collection of childrens
information online. This applies to websites and online services
(including those provided through software products) if the childs
PII is sent over the Internet.
See http://www.ftc.gov/privacy/coppafaqs.htm FAQ #33.
NOTE: The largest FTC fines are the result of COPPA
violations.
Windows 8 Family Safety
Microsoft Governance Framework21
To give you a very high level look at the Privacy for
development ecosystem:
At the very highest level is the Corporate Privacy Groups
Microsoft Privacy Policy. We then build on the policy by creating
specific guidance for product development in the Privacy Standards,
such as the Microsoft Privacy Standard for Development (MPSD). The
SDL provides the process for implementing the rules in the MPSD,
and this points you to the tools and additional resources that
exist to help implement. For guidance along the way the Microsoft
Privacy Cabinet is responsible for overseeing MPSD updates and
improvements, the Privacy Managers in each division enforce the
process and complete high privacy impact privacy reviews, while the
leads and champs in each feature group are the front line on the
ground.
There is also a Privacy Management Committee (PMC) that oversees
the adoption of new versions of policies and standards.21MBI -
Microsoft internal use only
Privacy Standards
Microsoft Privacy Standard for Development (MPS)
MPS Public
Processes
Tools
Additional Resources
Security Development Lifecycle
Privacy Champs
KB Articles
Privacy Bug Bar
FAQs
Privacy Policy
Escalation Path
Microsoft Corporate Privacy Policy
Privacy Leads
TwC Privacy
Privacy Forms
Privacy Managers
