Microsoft Admits to Privacy Errors With Passport

Microsoft has admitted that it has not properly protected the privacy and security of people who provided personal information through Passport as it settled with the Federal Trade Commission (FTC).

The company agreed to beef up the security of Passport and be more open with customers about what it does with their personal data. The company also agreed to allow an outside audit of its practices every two years. In a significant concession, Microsoft agreed to be monitored for 20 years.

The FTC admitted that it had found no actual security breaches, and agreed that Microsoft had not shared consumer data improperly with other companies. But FTC chairman Timothy J. Muris said Microsoft was not meeting the levels of privacy protection and security that it had promised users of Passport.

Microsoft was deemed to have lied about the effectiveness of its measures to protect users' personal information — including credit card numbers collected for the Passport Wallet shopping service. It also said Microsoft had falsely claimed that purchases made with Passport Wallet were "safer or more secure" than purchases made at the same site without Passport. But the FTC ruled: "In fact most consumers received identical security at those sites, regardless of whether they used Passport Wallet to complete their transactions.”

The software company was also found to have lied when it said that it did not collect any personally identifiable information beyond that described in its privacy policy when in practice Microsoft's technical support staff would routinely tie personally identifiable information to the user's sign-in history, and hold on to that data for months.

"Good security is fundamental to protecting consumer privacy," said Muris. "We’ll take action against companies that don't keep their promises. Companies that promise to keep personal information secure must follow reasonable and appropriate measures to do so. It's not only good business, it's the law."

The FTC ruling came out of a complaint in July 2001 contending that Microsoft's privacy practices, and especially the new Windows XP operating system and services like Passport, "are designed to obtain personal information from consumers in the United States unfairly and deceptively."

You may like these other stories...

Event Date: August 28, 2014, 2 pm ET Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to...
When you’re running an accounting office, it's easy to become inundated with paper, forms, and email attachments, especially when tax season rolls around. To prevent your office from becoming completely overwhelmed...
It's not a reality—yet—but accounting software is poised to eliminate accountants. We are at a tipping point for many similar professions: online education replacing professors, legal software replacing...

Upcoming CPE Webinars

Aug 5
This webcast will focus on accounting and disclosure policies for various types of consolidations and business combinations.
Aug 20
In this session we'll review best practices for how to generate interest in your firm’s services.
Aug 21
Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.
Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.