Appendix A: Privacy at a Glance
This sample document provides basic criteria to consider when building privacy into software releases. It is not exhaustive and should not be treated as such. For more comprehensive guidance, see Privacy Guidelines for Developing Software Products and Services.
Ten Things You Must Do to Protect Privacy
Collect user data only if you have a compelling business and user value proposition. Collect data only if you can clearly explain the net benefit to the user. If you are hesitant to tell users what you plan to do, then don’t collect their data.
Collect the smallest amount of data for the shortest period of time. Collect personal data only if you absolutely must, and delete it as soon as possible. If there exists a need to retain personal data, ensure that there is business justification for the added cost and risk. Do not collect data for undefined future use.
Collect the least sensitive form of data. If you must collect data, collect it anonymously if possible. Collect personal data only if you are absolutely certain you need it. If you must include an ID, use one that has a short life span (for example, lasting a single session). Use less sensitive forms of data (for example, telephone area code rather than full phone number). Whenever possible, aggregate personal data from many individuals.
Provide a prominent notice and obtain explicit consent before transferring personal data from the user's computer. Before you transfer any personal data, you must tell the user what data will be transferred, how it will be used, and who will have access to it. Important aspects of the transfer must be visible to the user in the user interface.
Prevent unauthorized access to personal data. If you store or transfer personal data you must help protect it from unauthorized access, including blocking access by other users on the same system, using technologies that help protect data sent over the Internet, and limiting access to stored data.
Get parental consent before collecting and transferring a child's personal data. Special rules for interacting with children apply any time you know the user is a child (because you know the child’s age) or when the content is targeted at or attractive to a child.
Provide administrators with a way to prevent transfers. In an organization, the administrator must have the authority to say whether any data is transferred outside the organization's firewall. You must identify or provide a mechanism that allows the administrator to suppress such transfers. This control must supersede any user preferences.
Honor the terms that were in place when the data was originally collected. If your team decides to use data, its use must be subject to the disclosure terms that were presented to the user when it was collected.
Provide users access to their stored personal data. Users have a right to inspect the personal data you collect from them and correct it if it is inaccurate—especially contact information and preferences. You also need to ensure that the user is authenticated before he or she is allowed to inspect or change the information.
Respond promptly to user questions about privacy. Inevitably, some users will have questions about your practices. It is essential that you respond quickly to such concerns. Unanswered questions cause a loss of trust. Be sure a member of your staff is ready to respond whenever a user asks about a privacy issue.
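The following Python sketch illustrates the data-minimization items above (least sensitive form, short-lived IDs, aggregation across individuals). It is an added example, not part of the SDL document; the session-keyed HMAC pseudonym, the constructed sample records and the minimum-group suppression threshold are assumptions of the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample of what a client might collect before minimization.
RAW_RECORDS = [
    {"user_id": "u-1001", "phone": "425-555-0100", "feature": "search"},
    {"user_id": "u-1002", "phone": "425-555-0111", "feature": "search"},
    {"user_id": "u-1003", "phone": "206-555-0122", "feature": "export"},
    {"user_id": "u-1001", "phone": "425-555-0100", "feature": "search"},
]


def area_code(phone):
    """Keep only the area code, the less sensitive form of a phone number."""
    digits = "".join(ch for ch in phone if ch.isdigit())
    return digits[:3] if len(digits) >= 10 else None


def new_session_key():
    """Fresh random key per session; discarding it retires every ID derived from it."""
    return secrets.token_bytes(32)


def session_id(user_id, session_key):
    """Pseudonym stable within one session but unlinkable across sessions (assumed design)."""
    return hmac.new(session_key, user_id.encode(), hashlib.sha256).hexdigest()[:16]


def minimize(record, session_key):
    """Reduce a raw record to the least sensitive form needed for usage analysis."""
    return {
        "sid": session_id(record["user_id"], session_key),
        "area_code": area_code(record["phone"]),
        "feature": record["feature"],
    }


def aggregate(records, min_group=2):
    """Count distinct users per (area_code, feature); drop groups below min_group
    so no output row describes a single person. The threshold is an assumption."""
    groups = {}
    for r in records:
        groups.setdefault((r["area_code"], r["feature"]), set()).add(r["sid"])
    return {key: len(sids) for key, sids in groups.items() if len(sids) >= min_group}


def minimize_and_aggregate(raw_records, session_key, min_group=2):
    """Full pipeline: raw records in, only aggregated counts retained."""
    return aggregate([minimize(r, session_key) for r in raw_records], min_group)
```

Only the aggregated counts would be retained or transferred; the raw records and the session key are discarded at session end.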
Content Disclaimer
This documentation is not an exhaustive reference on the SDL process as practiced at Microsoft. Additional assurance work may be performed by product teams (but not necessarily documented) at their discretion. As a result, this example should not be considered as the exact process that Microsoft follows to secure all products. This documentation is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. This documentation does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. © 2012 Microsoft Corporation. All rights reserved. Licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported