Sunday, February 27, 2011

A Tester's perspective: Privacy in Design by Microsoft

A month ago I promised to blog about privacy solutions the cloud vendors apply at this time.
This post will discuss Microsofts efforts in handling privacy.
When googling for Microsoft the first hit's a bullseye.
A portal about how Microsoft deals with privacy issues and links to relevant information, ordered in a structured way. Regarding usability,a good start.
A portal is nice, but does it have info about how Microsoft deals with privacy issues?
Privacy by Design is a hot topic in the privacy community and also organized in Microsofts business, in both development and operation.
Bold words, but how is this done?
First, Microsoft deals with Privacy by following the Microsoft Privacy Principles, which address Accountability, Notice, Collection, Choice and Consent, Use and Retention, Disclosure of Onward Transfer, Quality Assurance, Access, Enhanced Security, and Monitoring & Enforcement.
An example of the use of these principles is the link Privacy
available at the Windows Live Hotmail-site.
Wow, Privacy Principles, but who assures me, the user, these principles are lived by Microsoft?
Microsoft's Chief Privacy Officer (CPO, I just love those abbreviations), is responsible for managing the risks and business impacts of privacy laws and policies.
The CPO and his team had a great influence on the new Microsoft's U-Prove (former CardSpace) and the Tracking Protections in IE9.
OK, Microsoft is concerned about the user's privacy, are there any negative sides to its policy?
Well, you could say the long development and at the end elimination of CardSpace in favor of U-Prove, but is this privacy-related? The Geneva-project was, IMHO, always a bit mysterious, but when Credentica was bought by Microsoft in 2008 things started to make more sense. Then it's more an issue what to use for identity control and if it's usable?
Believe me, I have enough experience with software projects where the architect says his design is flawless, but that during end-to-end-test the software its performance is just plain lousy.
Another reason to involve testers at the beginning of a project.

Concluding,Microsoft commits itself to privacy, but it's still an evolution of development and process, do not expect miracles!
People at Microsoft are also just people.

No comments: