Microsoft Admits to Privacy Errors With Passport

Microsoft has admitted that it has not properly protected the privacy and security of people who provided personal information through Passport as it settled with the Federal Trade Commission (FTC).

The company agreed to beef up the security of Passport and be more open with customers about what it does with their personal data. The company also agreed to allow an outside audit of its practices every two years. In a significant concession, Microsoft agreed to be monitored for 20 years.

The FTC admitted that it had found no actual security breaches, and agreed that Microsoft had not shared consumer data improperly with other companies. But FTC chairman Timothy J. Muris said Microsoft was not meeting the levels of privacy protection and security that it had promised users of Passport.

Microsoft was deemed to have lied about the effectiveness of its measures to protect users' personal information — including credit card numbers collected for the Passport Wallet shopping service. It also said Microsoft had falsely claimed that purchases made with Passport Wallet were "safer or more secure" than purchases made at the same site without Passport. But the FTC ruled: "In fact most consumers received identical security at those sites, regardless of whether they used Passport Wallet to complete their transactions.”

The software company was also found to have lied when it said that it did not collect any personally identifiable information beyond that described in its privacy policy when in practice Microsoft's technical support staff would routinely tie personally identifiable information to the user's sign-in history, and hold on to that data for months.

"Good security is fundamental to protecting consumer privacy," said Muris. "We’ll take action against companies that don't keep their promises. Companies that promise to keep personal information secure must follow reasonable and appropriate measures to do so. It's not only good business, it's the law."

The FTC ruling came out of a complaint in July 2001 contending that Microsoft's privacy practices, and especially the new Windows XP operating system and services like Passport, "are designed to obtain personal information from consumers in the United States unfairly and deceptively."

You may like these other stories...

Regulatory compliance, risk management and cost-cutting are the big heartburn issues for finance execs in the C-suite. Yet financial planning and analysis—a key antacid—is insufficient.That's just one of the...
Continuing its efforts to simplify accounting procedures, the FASB has issued a proposed Accounting Standards Update on customer fees paid in a cloud computing arrangement. The newly-proposed update (Intangibles—...
How are you planning? What tools do you use (or fail to use) for forecasting? PlanGuru is a business budgeting, forecasting, and performance review software company based in White Plains, N.Y. AccountingWEB recently spoke...

Already a member? log in here.

Upcoming CPE Webinars

Aug 26
This webcast will include discussions of recently issued, commonly-applicable Accounting Standards Updates for non-public, non-governmental entities.
Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.
Sep 11
This webcast will include discussions of commonly-applicable Clarified Auditing Standards for audits of non-public, non-governmental entities.