Posted By: Brad Martin

Elizabeth Montalbano, IDG News ServiceTue Oct 17, 8:00 PM ET

Criticized in the past for an initiative that would require the company to collect and catalog personal information about its customers, Microsoft today released an internal document about how it protects customers' privacy. The software giant said it hopes that other companies will adopt similar practices.

ADVERTISEMENT

if (window.yzq_a == null) document.write("");if (window.yzq_a)
{
yzq_a('p', 'P=gfD2kkLaS.arukZnU4w.XwdWSDRIwkU2rwIAC2fN&T=1907ic30l%2fX%3d1161211650%2fE%3d95635473%2fR%3dnews%2fK%3d5%2fV%3d1.1%2fW%3d8%2fY%3dYAHOO%2fF%3d1499368195%2fH%3dY2FjaGVoaW50PSJuZXdzIiBjb250ZW50PSJNaWNyb3NvZnQ7aXQ7aGVscDtJbnRlcm5ldDtzdGVhbDtjcmVkaXQ7c2VjdXJpdHk7UENzO3NlcnZlcjtnaXZlO3N0YW5kYXJkczsiIHJlZnVybD0iIiB0b3BpY3M9IiI-%2fS%3d1%2fJ%3d83A949D1');
yzq_a('a', '&U=13aqtnd32%2fN%3deoWnF0LaX.Q-%2fC%3d380914.7494502.10118472.2498248%2fD%3dLREC%2fB%3d4010562');
}

The company publicly published the 49-page document, called Microsoft's Privacy Guidelines for Developing Software Products and Services, at the International Association of Privacy Professionals Privacy Academy 2006 in Toronto.

The document outlines recommendations for software developers that will help them protect customer privacy when building applications that deal with sensitive information, such as Web sites or Web-based features that send personal information over the Internet, said Peter Cullen, Microsoft's chief privacy strategist. He will speak on a panel at the show on Friday, sharing and discussing the document with attendees there.

For example, Cullen said, Microsoft has implemented a way to erase personal information in the new phishing filter it has built for its Internet Explorer browser. The filter, designed to protect users when they surf to online sites that could use phishing to steal personal information, compares sites that users visit to known phishing sites. Before going to any site to do this verification, however, the filter erases any personal information that would identify which user visited, he said.

Sometimes Insensitive?

Microsoft has not always been seen as sensitive to customer privacy. Five years ago, the company tried to implement a project code-named Hailstorm that would have stored personal and credit-card information and passwords so users could easily log in to various sites. Customers balked at the idea of Microsoft controlling their personal information, and the project never lived up to its hype.

Cullen said Microsoft has learned a lot from such experiences and wants other companies to implement the practices it has developed to protect customer privacy.

"Certainly that and other things have contributed to us thinking deeply with how we provide security and privacy, as well as respect and control with how their information is used," he said. "We think others should join in this discussion."

Microsoft also got into some hot water earlier this year when it was disclosed that a new antipiracy feature in its Windows client operating system, Windows Genuine Advantage (WGA), was sending information from PCs to an internal Microsoft server without users' knowledge through an automatic notification feature. The feature was checking to see if a user's copy of Microsoft Windows was legitimate, in cases where that copy had not yet been verified as authentic. After some people complained that the software was acting like spyware, Microsoft removed the offending feature.

Cullen said the uproar over WGA's notification features and Microsoft's subsequent removal of it give the company "the benefit of hindsight."

"We didn't spend enough time to make sure [the feature] met our standards," he said.

Microsoft continues to do everything it can to avoid violating customer privacy in its products, and will continue to review each product carefully to make sure it meets the internal standards made public today, he added.

The information reported above is property of Yahoo! inc. and reprinted or modified with legitimate permission.