WASHINGTON, Nov. 3 – LAWFUEL – The Law News Network — Microsoft Corp.
(Nasdaq: MSFT) today announced its support for a comprehensive legislative
approach at the federal level on the issue of data privacy. In a speech
delivered to the Congressional Internet Caucus, Brad Smith, senior vice
president and general counsel for Microsoft, told Caucus members that “the
time has come” for a strong national standard for privacy protection that will
benefit consumers and set clear guidelines for businesses while still allowing
commerce to flourish.
Smith explained the three key factors that have led Microsoft to support a
comprehensive federal legislative response: an increasingly complex patchwork
of state, federal and even international laws related to data privacy and
security; the potential for consumer fears about identity theft and other
online dangers to dampen online commerce; and the increasing consumer desire
for more control over the collection and use of online and offline personal
information.
“The growing focus on privacy at both state and federal levels has
resulted in an increasingly rapid adoption of well-intended privacy laws that
are at times overlapping, inconsistent and often incomplete,” Smith said.
“This is not only confusing for businesses, but it also leaves consumers
unprotected. A single federal approach will create a common standard for
protection that consumers and businesses can understand and count on.”
Smith noted an increasing level of concern from Americans on the subject
of identity theft over the Internet.
“Individuals will not take full advantage of the Internet or any
commercial medium if they believe that their information or data could be
compromised or disclosed in unexpected ways,” Smith said. “There is a causal
link here: protecting consumers promotes commerce, and that’s good for
everyone.”
The third factor — consumers’ increasing desire for more control over the
collection and use of their personal information — springs from the response
to the increasingly aggressive tactics of computer criminals.
“We’ve seen a spate of legislative activity in the aftermath of several
highly publicized data breaches, but for consumers, the reality is still
pretty daunting. They do not necessarily have a better experience and in many
cases still do not clearly understand how companies are collecting, using and
disclosing their personal information in the first place,” Smith said. “We
have to make this more transparent and manageable for consumers.”
“Microsoft’s call for strong national privacy legislation is a landmark
moment in the cause of establishing and protecting individual privacy rights
online,” said Jerry Berman, president of the Center for Democracy and
Technology. “Microsoft’s privacy legislation commitment creates momentum for a
serious effort to establish consumer privacy expectations for the digital age.
While we have not reached consensus on all of the provisions of a privacy
bill, we applaud Microsoft’s willingness to work actively with other high-tech
companies, consumer organizations and policymakers to make serious privacy
legislation a reality.”
Smith described four core principles that Microsoft believes should be the
foundation of any federal legislation on data privacy:
— Create a baseline standard across all organizations and industries
for offline and online data collection and storage. This federal
standard should pre-empt state laws and, as much as possible, be
consistent with privacy laws around the world.
— Increase transparency regarding the collection, use and disclosure
of personal information. This would include a range of notification
and access functions, such as simplified, consumer-friendly privacy
notices and features that permit individuals to access and manage
their personal information collected online.
— Provide meaningful levels of control over the use and disclosure of
personal information. This approach should balance a requirement for
organizations to obtain individuals’ consent before using and
disclosing information with the need to make the requirements
flexible for businesses, while avoiding bombarding consumers with
excessive and unnecessary levels of choice.
— Ensure a minimum level of security for personal information in
storage and transit. A federal standard should require organizations
to take reasonable steps to secure and protect critical data against
unauthorized access, use, disclosure modification and loss of
personal information.
Peter Cullen, Microsoft’s chief privacy strategist responsible for
managing and promoting the company’s implementation of privacy across its
products, services and processes, reinforced the need for and value of a
uniform approach that complements technological advances.
“Microsoft’s overarching goal for privacy continues to be to create a
trusted environment for Internet users,” Cullen said. “We have woven privacy
into the DNA of Microsoft, from product development to deployment, and
decisions are made with privacy in mind. A comprehensive legislative approach
to privacy that applies across the country would be part of the solution to
give all consumers strong privacy and security protection, and allow everyone
to realize the full potential that the Internet and technology can provide.”
There is growing support throughout the technology industry for a more
standardized approach to data privacy. Leading companies such as HP have
voiced support for a federal legislative approach and have incorporated
similar ideals into their standard operating procedures.
Barb Lawler, HP’s chief privacy officer, concurs with Cullen. “HP believes
a uniform federal approach to data privacy would provide a consistent level of
expectation for consumers and business continuity for corporations,” Lawler
said. “HP believes that upholding the highest standards for the protection of
personal information is a business imperative and, through our ‘Design for
Privacy’ initiative, we integrate privacy into every facet of our business
processes, products and services.”
About Microsoft
Founded in 1975, Microsoft is the worldwide leader in software, services
and solutions that help people and businesses realize their full potential.
NOTE: Microsoft is a registered trademark of Microsoft Corp. in the
United States and/or other countries.
The names of actual companies and products mentioned herein may be the
trademarks of their respective owners.
