
Microsoft To Release Privacy Guidelines

Microsoft Corp. is preparing to release privacy guidelines based on its own internal practices in hopes of getting companies to adopt more cohesive standards for safeguarding people's personal information.

Microsoft will issue the hefty document Thursday, urging commonsense practices such as clearly telling customers why a company collects personally identifiable information like e-mail addresses or phone numbers.

Among other things, the document also calls for companies to make a business case for why the information is needed and recommends they delete data no longer needed for that purpose. Microsoft also recommends internal practices that can help keep personal information such as credit card numbers from accidentally getting into the wrong hands.

The company wants to work with other companies to eventually establish some more generally agreed-upon guidelines, although it's unclear how long that will take.

The move comes as more people are entrusting technology companies with their communications, digital photos, business documents and other data, raising concerns about how personal information might be amassed and used. Microsoft and other companies need to make sure consumers trust them, or they risk losing that business.

Analysts credit Microsoft with having a major change of heart about privacy about five years ago, following backlash over Hailstorm, a product that sought to store all sorts of personal information under one logon, so people could more easily access accounts and products online. The product, now called Passport, was scaled back considerably after people balked at leaving all their information in the hands of just one company.

Peter Cullen, Microsoft's chief privacy strategist, said the product was an eye-opener about the importance of giving users control of their own data.

"It's a great example of what on the surface was a solution to a very real problem -- how do you manage identity?" Cullen said. "... What I think we didn't understand fully was that not everybody would be comfortable with a Microsoft in between."

Around that time Microsoft also launched a major effort to improve the security of its products, following a barrage of Internet attacks. Cullen said that effort, called Trustworthy Computing, included adding more privacy safeguards, such as what is laid out in the paper being released this week.

"Privacy is one of those areas, from my perspective, where Microsoft's done pretty well. It kind of had to," said Joe Wilcox, an analyst with Jupiter Research.

Wilcox said Microsoft may be able to gain an even greater competitive advantage if, through these guidelines and other measures, it can establish itself as the industry leader and the force behind any industry standards on privacy.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said Microsoft has spent more time thinking about these types of issues than some of its younger competitors, which may not have yet faced the privacy problems Microsoft has dealt with.

"Microsoft is now a grown-up, and there are a lot of kids running around," Rotenberg said. "I think Microsoft is sort of more willing to think about long-term policies and privacy protection and make that part of their business plan."

But Rotenberg said Microsoft could still do better. The company recently started a new business selling Internet-based advertising, called adCenter. It relies heavily on gearing ads toward people with specific demographic traits, which Rotenberg said could raise privacy concerns.

The company also took heat recently for a program that aimed to check whether copies of its Windows operating system were genuine. Microsoft initially failed to adequately disclose that the program would check in daily with the company. Microsoft has since changed the product and revised its disclosures.

Cullen said Microsoft has built safeguards to separate demographic information it uses in products like adCenter from personally identifiable information, such as an e-mail address. But he concedes that the company initially fell short with its anti-piracy effort.