Nymity News

Interview with Sue Glueck

September 2006

Interviewee: Sue Glueck, Senior Attorney, Microsoft Corporation

Interviewer: Terry McQuay, President of Nymity

Note: Sue Glueck is a featured speaker at the upcoming IAPP Privacy Academy conference.

Subject: Privacy in the Product Development Lifecycle

Nymity: You will be doing a session on Privacy in Product Development at the upcoming IAPP Privacy Academy in Toronto. What do you plan to cover?

Sue: We'll be covering several topics about privacy in product development. Jeff Friedberg, the Director of Windows Privacy, will share some of our experiences integrating privacy into our development cycle. It will include a tour of our privacy process and a discussion of some of the unique challenges we faced. Jeff and I will also discuss specific scenarios that present some challenges when developing software products and services. Examples of these scenarios include transferring personal information to and from a customer's computer, as well as transferring personal information to third parties.

We're very fortunate to have two other panelists: Ari Schwartz from the Center for Democracy and Technology (www.cdt.org/) and Fred Carter from Ontario's Information and Privacy Commission.

Nymity: Why is privacy in product development important?

Sue: Customers are increasingly concerned about their privacy when using software-based products and web services. For example, in February 2006, RSA Security's Internet Confidence Index found that "almost half of U.S. consumers stated that they have little or no confidence that several groups are taking the necessary steps to secure personal data".

Nymity: Who is the intended audience?

Sue: The intended audience includes privacy professionals, anyone who participates in the development of software and web services, as well as customers who use software and web services and are concerned about their privacy. We would like to start a dialog in the software industry and collectively focus on improving customers' privacy. We hope this session is a starting point for that dialog.

Nymity: You mentioned that, among other things, you would be discussing the transfer of personal information to and from a customer's computer. What do you recommend?

Sue: There are a number of important considerations for this scenario, as I'm sure you know. We'll be discussing transfer of customer information by software products (e.g., product registration) and web sites (e.g., collection of personal information in a web form). We will also cover transferring personal information back to the customer's system, for example, displaying profile information stored by a company for the customer's convenience when doing business online with the company.

At a high level:

• The customer must be given prominent notice and must provide explicit opt-in consent prior to the transfer of personal information from their system.
• Data transferred must be limited to the minimum amount of data necessary to achieve the business purpose.
• Secure methods that prevent unauthorized access should be used to transfer personal information over the Internet.
• The customer must have the ability to update or correct personal information, including contact preferences if the personal information will be used for secondary purposes such as marketing.

In addition to high-level concepts, we plan to discuss practical suggestions. For example, one suggestion we have is to avoid using a method of web form submission that could potentially expose personal data (e.g., the HTTP GET method).

Nymity: You also mentioned transferring customers' personal information to third parties. What are your recommendations?

Sue: We will discuss transfer to both independent third parties and agents. We think these scenarios are very important because customers are concerned about losing control of their data. To give some examples of our recommendations, we believe that third parties must limit their use to what was originally disclosed and agreed to by the customer. In the case of transfer to independent third parties, customers must explicitly opt in. Third parties to whom customers' personal information is transferred must also take reasonable measures to keep the data safe and prevent its abuse. A contract with the third party must be in place before personal information can be shared. It makes the third party's obligations clear and keeps them accountable.

Nymity: Previously, we heard from John Weigelt (Interview) that privacy is incorporated in Microsoft's Software Development Lifecycle. Will you be discussing this in your session?

Sue: Yes, we will. As part of Jeff Friedberg's presentation, he will discuss how privacy has been incorporated into the Security Development Lifecycle (SDL) in the form of our internal privacy guidelines. The SDL applies company-wide to the development of our software and services and addresses all stages of software development, from definition of requirements during early design, through implementation, release and support. Many of our products have gone through or are going through this process, including Microsoft Windows Vista and Microsoft Office 2007. In those instances, the SDL was instrumental in helping us to design notice and consent experiences in the early stages of development, as well as draft layered privacy statements for the products (an example is the Windows Vista Privacy Statement).

Overall, this has been very helpful. Developers want to do the right thing and respect customers' privacy. Having privacy guidelines in a process like the SDL gives developers the knowledge and tools to do so. For example, at Microsoft, when Internet Explorer version 7.0 went through the process, we worked extensively on its Phishing Filter feature. Phishing Filter can warn an end user if the website he is visiting might be impersonating a trusted website. If the end user opts in to Phishing Filter, it will first check each website address against a list stored on the user's computer of sites that have been reported to Microsoft as legitimate. If an address is not on the local list of legitimate sites, it will be sent to Microsoft and checked against a frequently updated list of websites that have been reported to Microsoft as phishing, suspicious, or legitimate websites, and Phishing Filter will warn the user if the site has been reported as phishing or suspicious.

Early in the design, we made some key decisions to help reduce the impacts on our customers' privacy, including not storing the IP address with the other data collected by Phishing Filter (the website addresses to be checked) to avoid potential correlation. Other decisions included having Phishing Filter only send the domain and path of the websites to Microsoft (e.g., removing search terms) and sending the website addresses to Microsoft via SSL. The team working on this feature was eager to reassure customers about their privacy, and went so far as to have a third party (Jefferson Wells) perform an audit to confirm our claims about how customer data is handled.