Archive for the ‘privacy’ Category

Simplifying the complex: Introducing Privacy Management for Microsoft 365

October 19th, 2021 No comments

The data privacy regulation landscape is more complex than ever. With new laws emerging in countries like China and India, shifts in Europe and the United Kingdom, and currently 26 different laws across the United States, staying ahead of regulations can feel impossible.

But this work is critical—to safeguarding people and the tools they use to stay connected, get work done, and thrive in today’s hybrid environment.

We have been working closely with our customers to help. Today, I’m excited to share with you some of the new investments we’re making to attempt to bring some simplicity to the complex topic of data privacy regulations.

Introducing Privacy Management for Microsoft 365

With the latest regulation going into effect soon in China, most of the world’s population will soon have its personal data covered under modern privacy regulations. But how organizations manage their regulatory responsibilities with all those laws in mind is often manual, time-consuming, and expensive.

Today, I’m excited to announce that Privacy Management for Microsoft 365 is generally available to help customers safeguard personal data and build a privacy-resilient workplace. With role-based access controls and data de-identified by default, Privacy Management for Microsoft 365 helps organizations to have end-to-end visibility of privacy risks at scale in an automated way.

  1. Identify critical privacy risks and conflicts: One of the biggest challenges in managing privacy is finding where personal data is stored, especially in an unstructured environment. Most companies still use manual processes to maintain data inventory and mapping, primarily through email, spreadsheets, and in-person communication, which is costly and ineffective. Privacy Management automatically and continuously helps to discover where and how much private data is stored in customers’ Microsoft 365 environments by leveraging data classification and user mapping intelligence. Organizations can see an aggregated view of their privacy posture, including the amount, category, and location of private data, and associated privacy risks and trends over time.
  2. Automate privacy operations and response to subject rights requests: Privacy Management correlates data signals across the Microsoft 365 suite of solutions to deliver actionable insights that allow privacy administrators to automate privacy policies by using an out-of-box template—data transfers, data minimization, data overexposure, and subject-rights request management—or create a custom policy to meet an organization’s specific needs.
  3. Empower employees to make smart data handling decisions: To build a privacy-resilient culture, you need to educate your employees, so they know how to handle data properly. Privacy Management provides insights and contexts to administrators, enabling them to automate privacy policies and protect sensitive data. Additionally, data owners are given recommended actions, training, and tips to make smart data-handling decisions, eliminating the need to choose between privacy and productivity.

The privacy management dashboard shows an overview of privacy alerts, such as items containing personal data, subject rights requests, and more.

Figure 1: Overview dashboard showcasing privacy risks and trends.

“Privacy Management for Microsoft 365 will help us identify and prevent critical privacy risks that arise from transferring private data across borders and oversharing,” said Beni Gelzer, Head of Data Privacy (Switzerland), Novartis. “We’ll empower our employees to mitigate risks themselves, freeing our IT resources to focus on more urgent, high-severity risks.”

You can learn more about Novartis’ experience with Privacy Management for Microsoft 365 in their case study.

Partnering to give customers greater visibility beyond Microsoft 365

Because data lives across so many clouds, systems, and applications, solving the challenge of data privacy requires great insight—and partnership.

To meet you where you are in your privacy journey, we have built APIs that allow you to integrate with your existing processes and solutions to automatically create and manage subject rights requests in Privacy Management.

We’re also excited today to partner with leading privacy software companies—OneTrust,, and WireWheel—to extend subject rights management capabilities to personal data stored outside of the Microsoft 365 environment, enabling customers to have a unified and streamlined response to subject requests.

“Our mission at OneTrust is to empower businesses to build trust into the fabric of their organization and our collaboration with Microsoft supports this,” noted Adam Rykowski, OneTrust Vice President of Product Management. “By automating and syncing the fulfillment of Data Subject Access Requests (DSAR) from OneTrust’s Privacy Management Solution with Privacy Management for Microsoft 365, available within the Microsoft 365 compliance center, we can seamlessly incorporate IT admins into privacy operations from the OneTrust platform.”

You can learn more about these partnerships in today’s Tech Community blog.

New regulation assessments in Microsoft Compliance Manager

Staying ahead of data privacy regulations and understanding the technical actions you can take to address compliance can be daunting. To help, Microsoft Compliance Manager today has more than 200 regulatory assessment templates covering global, industrial, and regional Data Protection and Privacy regulations, making it easier for customers to interpret, assess, and improve their compliance with regulatory requirements. We recently added three privacy-specific assessments for Colorado Privacy Act, Virginia Consumer Data Protection Act (CDPA), and Egypt Privacy Law.

Additionally, we have mapped privacy-specific controls across these assessment templates to the new Privacy Management solution to help you scale your compliance efforts.

You can learn more about Compliance Manager, our list of available assessments, and how to use the assessment in our documentation. You can also try the Compliance Manager 90-day trial, which gives you access to 25 assessments.

Privacy is a journey

We recognize that navigating the complexity of data privacy regulations is a journey, and we are excited to partner with you, our customers, and others in the ecosystem to help to ease some of the complexity, making the world a safer place for all.

Privacy Management for Microsoft 365 is generally available to customers as an add-on to a Microsoft 365 or Office 365 subscription. To get started with Privacy Management, you can leverage the free 90-day trial. You can learn a lot more about Privacy Management in today’s Tech Community blog or watch the new Microsoft Mechanics video.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Simplifying the complex: Introducing Privacy Management for Microsoft 365 appeared first on Microsoft Security Blog.

Categories: cybersecurity, privacy Tags:

Transparency & Trust in the Cloud Series: Cincinnati, Cleveland, Detroit

March 17th, 2015 No comments
 Customers at the Transparency & Trust in the Cloud Series event in Detroit

Customers at the Detroit “Transparency & Trust in the Cloud” event.

I had the opportunity to speak at three additional Transparency & Trust in the Cloud events last week in Cincinnati, Cleveland, and Detroit. These were the latest in the series that Microsoft is hosting, inviting customers to participate in select cities across the US.

For me personally, these events provide the opportunity to connect with customers in each city and learn which security and privacy challenges are top of mind for them. In addition, I get to hear first-hand, how customers have been using the Cloud to drive their businesses forward, or, if they haven’t yet adopted Cloud services, what’s holding them back. I feel very fortunate as the participating CIOs, their in-house lawyers, CISOs, and IT operations leaders haven’t been shy about sharing the expectations they have for prospective Cloud Providers, specifically around security, privacy, and compliance.

I was joined by other Microsoft Cloud subject matter experts: Microsoft’s Assistant General Counsel, Dennis Garcia, Principal IT Solution Manager, Maya Davis, Director of Audit and Compliance, Gabi Gustaf, and Cloud Architect, Delbert Murphy. This diverse cast helped provide an overview of the Microsoft Trustworthy Cloud Initiative from their unique perspectives and answer a range of technology, business process, and legal questions from attendees.

Here are just some of the types of questions these events garner, most recently in these three cities:

  • How does eDiscovery work in Microsoft’s Cloud? (see related posts)
  • What data loss prevention capabilities does Microsoft offer for Office 365, OneDrive and Microsoft Azure?
  • What data does Microsoft share with customers during incident response investigations?
  • Which audit reports does Microsoft provide to its Cloud customers?
  • What terms does Microsoft include in its Cloud contracts to help customers manage regulatory compliance obligations in EU nations?
  • What does the new ISO 27018 privacy certification that Microsoft has achieved for its four major Cloud solutions provide to Microsoft’s Cloud customers (and Microsoft is the only major Cloud provider to achieve ISO 27018 certification)?

These are great conversations! Thank you to all of the customers that have attended and participated in recent events.

There are still a few more scheduled in different cities across the country. If you are a customer and would like to learn more about the Microsoft approach to building the industry’s most trustworthy Cloud, please reach out to your account team to find out if one of these events is coming to your area.

I’m looking forward to seeing customers in Omaha and Des Moines in just a couple of weeks.

Transparency & Trust in the Cloud Series: Kansas City, St. Louis, Minneapolis

March 5th, 2015 No comments

Over the last few months, Microsoft has hosted a series of events to bring together Chief Information Officers (CIO) and their legal counsels, Chief Information Security Officers (CISO), as well as IT operations leaders from enterprises in cities across the US. These “Transparency & Trust in the Cloud” events aim to highlight and discuss the security, privacy, compliance, and transparency capabilities of Microsoft’s cloud services.

Recently, I was given the opportunity to attend and speak at those in Kansas City, St. Louis, and Minneapolis. I was also able speak directly with many enterprise customers in each city. I was joined by other Microsoft cloud subject matter experts, where together, we answered a range of technology, business process, and legal questions that attendees had—and believe me, they had some well-thought, complex questions!

For example, in Kansas City, attendees asked about service level agreements and were provided with the Microsoft perspective by our Assistant General Counsel, Dennis Garcia. In St. Louis, we were asked about Microsoft’s own journey to move workloads and applications from on premise to the cloud. Ryan Reed, from Microsoft IT, has been doing this work at Microsoft for some time, and shared architectural and development considerations with the audience. Enterprise customers in Minneapolis asked questions ranging from eDiscovery to security incident notifications, to the right to audit, to protecting sensitive healthcare information. These discussions are also extremely helpful to us, at Microsoft, to better understand which topics are top of mind for enterprise customers who are evaluating the use of or adopting cloud services.

I would like to again thank those customers who attended these events. Thank-you!

More meetings like these have been scheduled in different cities across the country. If you are a CIO, CISO, legal counsel, or operations leader for an enterprise organization and would like to learn more about the Microsoft approach to building the industry’s most trustworthy cloud, please reach out to your account team to inquire.

I’m looking forward to meeting more customers and having deeper discussions on trust and transparency in the cloud in the coming weeks.

The Importance of Effective Information Sharing

January 29th, 2015 No comments

SCharney2 012815

This week, I testified before the U.S. Senate Committee on Homeland Security and Governmental Affairs at a hearing on “Protecting America from Cyber Attacks: the Importance of Information Sharing.” It was good to see that the committee’s first hearing of the 114th Congress focuses on cybersecurity issues generally, and information sharing in particular, and I’d like to summarize the key points of my testimony.

There is no doubt that cybersecurity is an important issue for America, other nations, the private sector, and individuals. In an effort to better understand and help address the challenges we face, I regularly engage with government leaders from around the world, security-focused colleagues in the IT and Communications Sectors, companies that manage critical infrastructures, and customers of all sizes. From those interactions, I have concluded that cyber-attacks have joined terrorism and weapons of mass destruction as one of the new, asymmetric threats that puts countries, corporations, and its citizens at risk.

With global threats, global actors, and global networks, no one organization – public or private – can have full awareness of all the threats, vulnerabilities, and incidents that shed light on what must be managed. There is no doubt that sharing such information can and has protected computer users and increased the effectiveness of the security community’s response to attacks. For example, in 2009, the Conficker Working Group came together to share information and develop a coordinated response to the Conficker worm, which had infected millions of computers around the world. After the working group developed a mitigation strategy, Information Sharing and Analysis Centers (“ISACs”) were mobilized, company incident response teams were activated, government responders were engaged, and the media reported as milestones were reached and services were restored. The challenge was addressed, and quickly.

Why is it, then, that after 20 years of discussion and proof of effectiveness, information sharing efforts are viewed as insufficient? The short answer is that while there are success stories, it is often true that those with critical information are unable or unwilling to share it. They may be unable to share it due to law, regulation, or contract, all of which can create binding obligations of secrecy and expose a company to legal risk if information is shared. Even when those restrictions permit sharing pursuant to authorized exceptions, legal risks remain, as parties may disagree on the scope of the exception. There are also non-legal, non-contractual risks; for example, a company that discloses its vulnerabilities may suffer reputational risk, causing both customers and investors to become concerned. It may even suggest to hackers that security is inadequate, encouraging other attacks.

With all these challenges in mind, we believe there are six core tenets that must guide information sharing arrangements:

1. Information sharing is a tool, not an objective.

2. Information sharing has clear benefits, but poses risks that must be mitigated.

3. Privacy is a fundamental value, and must be protected when sharing information to maintain the trust of users – individual consumers, enterprises, and governments – globally.

4. Information sharing forums and processes need not follow a single structure or model, and governments should not be the interface for all sharing.

5. Government and industry policies on information sharing should take into account international implications.

6. Governments should adhere to legal processes for law enforcement and national security requests, and governments should not use computer security information sharing mechanisms to advance law enforcement and national security objectives.

Information sharing has and does work. But it works because the parties see that the benefits (better protection, detection and response) outweigh the risks. History also teaches, however, that information sharing tends to work best when those involved trust each other to respect informal and sometimes formal agreements (e.g., non-disclosure agreements) on information use and disclosure.

The two most important things Congress can do are (1) ensure that the information sharing arrangements that are working effectively are left undisturbed; and (2) encourage additional information sharing by providing protections for shared information and addressing risks posed by information sharing, including privacy risks.

You can read my full testimony here.

Do you know your kids’ passwords?

August 27th, 2014 No comments

This is the second of two blog posts on password protection. Read Part 1: Create strong passwords and protect them.

Whether or not you should know all of your kids’ passwords depends on their age, how responsible they are, and your parenting values.

However, kids of any age and responsibility level need to know how to create strong passwords and how to protect those passwords.

Sharing is great, but not with passwords

Your kids should never give their friends their passwords or let them log on to their accounts. Also, be careful sharing your passwords with your kids.

3 strategies for strong passwords

  • Length. Make your passwords at least eight (8) characters long.

  • Complexity. Include a combination of at least three (3) uppercase and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.

  • Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

For more information, see Help kids create and protect their passwords.

Do you know your kids’ passwords?

August 27th, 2014 No comments

This is the second of two blog posts on password protection. Read Part 1: Create strong passwords and protect them. Whether or not you should know all of your kids’ passwords depends on their age, how responsible they are, and your parenting values. However, kids of any age and responsibility level need to know how to create strong passwords and how to protect those passwords.

Sharing is great, but not with passwords

Your kids should never give their friends their passwords or let them log on to their accounts. Also, be careful sharing your passwords with your kids.

3 strategies for strong passwords

  • Length. Make your passwords at least eight (8) characters long.
  • Complexity. Include a combination of at least three (3) uppercase and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.
  • Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

For more information, see Help kids create and protect their passwords.

Back-to-school checklist: Clean up my digital life

Ever wonder what your online image says about you? Do you constantly “check in” on social media, take daily selfies, or post the latest images of your kids? In an era of seemingly non-stop online sharing of our thoughts, images, and experiences, it’s important to understand the lasting impact our digital actions have on us and those around us.

US households have an average of 5.7 devices for personal and professional use, according to a recent Microsoft study. As this interconnectivity continues to grow, it’s not surprising that people and organizations, including employers or college recruiters for example, turn to social networking sites as a way to help assess potential candidates. Our same research, however, found that only a small percentage of global respondents take key steps to help manage their online reputations:

  • 19 percent edited or deleted information to protect their online reputation;

  • 15 percent used search engines to monitor and manage their personal information online; and

  • 10 percent used a service to edit or delete information about themselves online

This tells me that as connected as we might be, we may not be doing all we can to manage our online personas. So, before kids, and even parents, educators, counselors, and coaches, head back to school, Microsoft wants each of us to make a personal commitment to #Do1Thing to set yourself up for digital success this school year. Visit to share your story and learn more about managing your digital life. On the interactive website, you can also:

  • Take our social personality quiz: Which social media cliché are you?  Find out if you’re #HashtagHyper, a Click-Collector, or a One-Upper. Do you know someone who fits each profile? I bet you do.

    • Share your results through social media for the chance to win a MS Nokia Lumia 2520 Red 10.1 Tablet with Windows RT 8.1(Verizon) in our #Do1ThingSweeps sweepstakes

  • Watch our catchy video: It’s your social personality! Share this light-hearted piece with your social circles and help friends and family understand the potential impact of their online behavior.

  • Finally, review each of our online reputation tips and enjoy the dog days of summer knowing you’ve completed your back-to-school checklist.

For more information about Microsoft’s work in Online Safety, visit our Safety & Security Center, “like” us on Facebook, follow us on Twitter, and look for my “point of view” following the #MSFTCOSO hashtag.

What you need to know about privacy and security in OneDrive

July 24th, 2014 No comments

OneDrive is free online storage that’s built into Windows 8.1 and Windows RT 8.1. Add files from your PC to OneDrive, and then easily access your photos, music, documents, and other files on all the devices you use.

How you can help protect your privacy and security in OneDrive

Create a strong password for your Microsoft Account. You sign into OneDrive with your Microsoft Account. Here is some basic guidance on how to create a strong password for that account. Different sites have different rules for passwords that they’ll accept, but this guidance should work anywhere you need to create a password:

  • Length. Make your passwords at least eight (8) characters long.
  • Complexity. Include a combination of at least three (3) uppercase and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.
  • Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites. Check the strength of your password.

Manage who can view or edit your OneDrive files. By default, your OneDrive files are available to you, although you can choose to share photos, documents, and other files. To share files or folders, right-click them and choose how you want to share them.

Add security info to your Microsoft account. You can add information like your phone number, an alternate email address, and a security question and answer to your account. That way, if you ever forget your password or your account gets hacked, we can use your security info to verify your identity and help you get back into your account. Go to the Security info page.

Use two-step verification. This helps protect your account by requiring you to enter an extra security code whenever you sign in on a device that isn’t trusted. For more information about two-step verification, see Two-step verification: FAQ.

Back up your OneDrive files. For details about using File History in Windows, see Set up a drive for File History.

For more information about how Microsoft helps keep your files safe in the cloud, see Privacy in OneDrive.

What’s new with Windows Phone 8.1?

May 22nd, 2014 No comments

Windows Phone 8.1 includes features that let you browse the web and use location awareness apps and other apps without losing control of your privacy and security.

Turn location services on or off

Location services can improve your experience in many different applications, from restaurant finders to social networks. If you don’t want to share your location, you can turn location services off. 

To turn location services on or off

  1. In the App list, tap Settings   > Location.
  2. Turn Location services on or off.

See when an app is accessing your location information

If you want to use location services and also see when an app is accessing your phone’s location, you can turn the Location icon .

To make sure this icon is turned on

  1. In the App list, tap Settings   > Location.
  2. Select the Show icon check box.

Note Choosing not to display the Location icon doesn’t turn off location services. It simply hides the icon to reduce clutter on your phone’s status bar.

Change privacy settings on your mobile browser

Internet Explorer 11 for Windows Phone makes it easy to adjust settings. You can delete your Internet Explorer search history and use the SmartScreen Filter to help protect against unsafe websites. You can also set Internet Explorer to send a Do Not Track request to websites you visit to signal that you don’t want that website to track your browsing.

Privacy settings in Cortana (the new personal assistant for Windows Phone)

Cortana is the new digital assistant for Windows Phone 8.1 that can help with tasks and offer reminders, suggestions, and more. The more Cortana knows about you, the more efficient she can be.

Note: Cortana is only available on phones with Windows Phone 8.1, and only in some countries/regions. Check to see which software version you have.

Settings you can change in Cortana to help control your privacy

  • If Cortana is on, you can control detection of tracking info in email messages.
  • Regardless of whether Cortana is on or off, you can choose whether to send your browsing history to Microsoft to help improve our services and products.
  • If Cortana is on, you can control whether Cortana uses information from your Facebook account for personalization.

To understand how Cortana and Bing work with Facebook, see Cortana and my privacy FAQ.

For more information about these and other settings, see Privacy in Windows Phone 8.1.


Get the latest version of Internet Explorer

April 24th, 2014 No comments

Microsoft released an updated version of Internet Explorer this month, and it’s available as a free download on Windows 8.1, Windows 7, and Windows Phone 8.1. To increase your security and privacy, it’s important that you use the latest version of any software, but especially your web browser. This new version of Internet Explorer also includes new features that make it easier to browse the web on a variety of devices.

Learn more at the Internet Explorer blog.

If you have automatic updating turned on, you already have the latest version of Internet Explorer.

Learn how to get updates like this one, as well as security updates for all your Microsoft software automatically.

HOW TO: Recycle your old computers and devices for Earth Day

April 22nd, 2014 No comments

Today is Earth Day. Show your love for the globe by getting rid of your old technology in the most environmentally friendly way possible.

Step 1: Back up files or data you want to keep

Use the backup utilities that are built into Windows XP, Windows Vista, and Windows 7 to transfer files from your old computer to your new one.

If you’re getting rid of a computer that is running Windows 8, use File History.

Step 2: Remove personal information from your computer or device

If you use a Microsoft Certified Refurbisher, they will help you remove your data and help you donate your equipment to people in need around the world.

If you decide to remove the personal information yourself, wipe your hard drive by using specialized software that is designed to government standards and will overwrite your information (Active@ KillDisk and Softpedia DP Wiper are free downloads). 

Step 3: Find a reputable recycler

If you’ve already used a Microsoft Certified Refurbisher, they can help you find the right place for your old computers and devices. If you’re doing it yourself, you can find a list of Microsoft-sponsored recycling opportunities in your area.

Many places will offer rewards for your recycled technology. If you’re getting rid of old Xbox or Playstation games, you might be able to exchange them for a gift card to buy new games.

For more information, see How to more safely dispose of computers and other devices. If you just want to upgrade your operating system, find out if your current computer can run Windows 8.1 and you might not even need to get rid of it.

Heartbleed: What you need to know

April 10th, 2014 No comments

On April 8, 2014, security researchers announced a flaw in the software that is used to protect your information on the web. The vulnerability, known as “Heartbleed,” could potentially allow a cyberattacker to access personal information.

After a thorough investigation, Microsoft determined that Microsoft Account, Microsoft Azure, Office 365, Yammer, and Skype, along with most Microsoft Services, are not impacted by the “Heartbleed” vulnerability. A few services continue to be reviewed and updated with further protections.

We encourage you to be careful what information you provide to websites and help protect the security of your online accounts by using different passwords for different websites, changing your passwords often, and making your passwords as complex as possible.

For more information, see Microsoft Services unaffected by Open SSL “Heartbleed” vulnerability.

Tax scams: 6 ways to help protect yourself

March 20th, 2014 No comments

We’ve received reports that cybercriminals are at it again, luring unsuspecting taxpayers in the United States into handing over their personal information as they rush to file their taxes before the deadline.

Here are 6 ways to help protect yourself.

1.     Beware of all email, text, or social networking messages that appear to be from the IRS. Cybercriminals often send fraudulent messages meant to trick you into revealing your social security number, account numbers, or other personal information. They’ll even use the IRS logo. Read more about how the IRS does not initiate contact with taxpayers by email or use any social media tools to request personal or financial information.
2.       Use technology to help detect scams. Scams that ask for personal or financial information are called “phishing scams.” Internet Explorer, Microsoft Outlook, and other programs have anti-phishing protection built in. Read more about identity theft protection tools that can help you avoid tax scams.
3.       Check to see if you already have antivirus software. If a cybercriminal does fool you with a tax scam that involves downloading malware onto your computer, you might already be protected by your antivirus software. If your computer is running Windows 8, you have antivirus software built in. Download Microsoft Security Essentials at no cost for Windows 7 and Windows Vista. 
4.       Make sure the website uses secure technology. If you’re filing your taxes on the web, make sure that the web address begins with https, and check to see if a tiny locked padlock appears at the bottom right of the screen. For more information, see How do I know if I can trust a website and What is HTTPs?
5.       Think before you download tax apps. Download apps only from major app stores—the Windows Phone Store or Apple’s App Store, for example—and stick to popular apps with numerous reviews and comments.
6.       Be realistic. If it sounds too good to be true, it probably is. From companies that promise to file your taxes for free, to websites that claim you don’t have to pay income tax because it’s unconstitutional—keep an eye out for deliberately misleading statements.

Thanks to you the Microsoft #Do1Thing initiative donates $50,000 to TechSoup Global

Together we've raised $50,000

On Safer Internet Day, February 11, 2014, Microsoft launched the interactive Safer Online website. Every time you made your #Do1Thing promise or shared the website with your social circles, Microsoft made a donation to TechSoup Global.

In less than 24 hours, so many of you promised to #Do1Thing to stay safer that Microsoft donated $50,000 to TechSoup Global! But it wasn’t just the promise alone.

“As communities around the world use the Internet to learn and connect, developing responsible online safety habits is something each of us should act on,” says Rebecca Masisak, CEO of TechSoup Global. “We appreciate being a part of Safer Internet Day. And with your contributions, TechSoup Global will further develop and deliver online safety education training materials and guidance to be shared across our global network.”

So far, people from five continents have shared what they are doing to help create a better Internet. What’s the number one global promise so far? Creating strong passwords and regularly changing them. Other popular responses included: two-step authentication for online accounts, sharing minimal personal information, using secured Wi-Fi connections, and shopping on https-enabled websites

Of those who answered our Safer Online polling questions:

  • Nearly half (47 percent) of participants chose learning as the greatest benefit the Internet has brought to their lives, while 17 percent chose exploring, and 10 percent go online for entertainment purposes.
  • Website visitors were also asked which potential online risks concern them the most. Of the nine choices, 28 percent selected financial loss as the most concerning, with 22 percent opting for loss of personal privacy, and 19 percent finding forms of malware on their device the greatest concern.
  • Finally, over two thirds (76 percent) of respondents edit or remove online information that may impact their reputation. Learn how to take charge or your online reputation.

If you haven’t done so yet, share your #Do1Thing story, see what others around the world are promising, and get online safety tips to help you stay safer online, today and every day! 

5 safety tips for online dating

February 13th, 2014 No comments

If you’re going to be connecting online this Valentine’s Day (or ever), follow these safety and privacy tips.

  1. Avoid catfishing. This is a type of social engineering designed to entice you into a relationship in order to steal your personal information, your money, or both. Always remember that people on the other end of online conversations might not be who they say they are. Treat all email and social networking messages with caution when they come from someone you don’t know.
  2.  Use online dating websites you trust. Knowing when to trust a website depends in part on who publishes it, what information they want, and what you want from the site. Before you sign up on a site, read the privacy policy. Can’t find it? Find another site. For more information, see How do I know if I can trust a website?
  3.  Be careful with the information you post on online. Before you put anything on a social networking site, personal website, or dating profile, think about what you are posting, who you are sharing it with, and how this will reflect on your online reputation. For more information, watch this video about the dangers of oversharing.
  4.  Be smart about details in photographs. Photographs can reveal a lot of personal information, including identifiable details such as street signs, house numbers, or your car’s license plate. Photographs can also reveal location information. For more information, see Use location services more safely.
  5.  Block and report suspicious people. Use the tools in your email, social networking program, or dating website to block and report unwanted contact. Read this if you think you might already be a victim of a scam.

Do one thing to stay safer online, today and every day

Imagine how much safer we’d all be if we each did one thing to stay safer online.

As part of Safer Internet Day 2014, we’re launching Safer Online, a new interactive website where you can share your “Do1Thing” pledge, learn what others are doing to help protect themselves online, and get instant tips to enhance and better protect your digital lifestyle.

Protecting yourself and your family online is easier than you think.

Here’s an example of one thing you can do right now:

To help spread the word, download and use the #Do1Thing icon (JPG) from the Safer Online site as your social media profile picture to encourage others to join the Safer Internet Day (SID) movement.   We want you to share your story on the Safer Online website with others.  When you do, Microsoft will make a donation to TechSoup Global, a non-profit organization using technology to solve global problems and foster social change.

Take a quick tour of the new Safer Online consumer site that’s inspiring people around the world to “Do 1 Thing” to protect themselves online.

For more information about our work in Internet safety, visit our Safety & Security Center.




The best time to change your password is now

January 30th, 2014 No comments

You can reduce your chances of being hacked by regularly changing the passwords on all the accounts where you enter financial or other sensitive information. Set an automatic reminder to update passwords on your email, banking, and credit card websites every three months.

Different sites have different rules for passwords that they’ll accept, but here is some basic guidance on how to create strong passwords:

  • Length. Make your passwords at least eight (8) characters long.
  • Complexity. Include a combination of at least three (3) upper and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.
  • Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

Learn more about how to create strong passwords and protect your passwords.

If you think someone has gone into your account and changed your password, learn how to recover a hacked account.

What are your privacy perceptions?

January 28th, 2014 No comments

To mark Data Privacy Day 2014, Microsoft released results of a survey measuring consumer privacy perceptions in the United States and Europe. According to our research, people in the United States estimate they have about 50 percent control over the way their information is used online. In Europe, it’s about 40 percent. 

At Microsoft, we’re committed to earning customer trust by demonstrating accountability and an inherent respect for privacy. Individuals expect us to prioritize their privacy and incorporate strong privacy protections into our products and services and we are constantly looking for ways to innovate on privacy in support of our customers.

For more information, see Marking Data Privacy Day with dialogue and new data, a blog post by Brendon Lynch, Chief Privacy Officer at Microsoft.

Categories: Data Privacy Day, privacy Tags:

Q & A: Keeping kids safer online

I recently sat down with Sonia Livingstone, a professor in the Department of Media and Communications at the London School of Economics to discuss children and kids and the Internet.

Q. You’ve spent the last two months at Microsoft’s Cambridge research facility. How did that opportunity come about?

A. I have known danah boyd, who started the Social Media Collective at Microsoft Research New England, for quite a while, since we’re both interested in studying teenagers’ ‘risky’ activities on social networking sites. And I’d known Nancy Baym, who invited me to visit, for even longer—since we began our careers researching the soap opera audience. Now I see parallels between soap opera and social media—they’re both about the everyday ways that people create a shared social world through seemingly mindless but actually significant chat and gossip.

Q. Share a key learning from this experience and how it will influence your work.

A. The lab values intellectual discussion across disciplinary boundaries. We all find this difficult, requiring lots of ‘translation’ to understand what people from different traditions find interesting questions, let alone how they come to their answers. I appreciate the recognition that it is important not to stay siloed in our separate spaces, but to talk across divides and seek common ground. The design of the lab echoes this principle—open doors, flexible spaces for discussion, frequent moments when everyone comes together to talk about ideas. It’s a contrast with the academic model I’m used to.

Q. You’re the lead researcher for the EU Kids Online network, which is the “gold standard” when it comes to kids’ Internet use in the EU. What’s next for this project?

A. We are coming to the end of our third phase of funded activity. The European Commission’s (EC) Safer Internet (now Better Internet for Kids) Programme is changing into something new. We are focused on completing interviews and focus groups in 9 or 10 countries, aiming to understand the contexts in which children talk about online risk and how they try to cope with it—or, what support they think they need. As I look ahead, I see the value of our network both for its high-quality cross-national research and for its infrastructural role, paralleling the networks for awareness raising, children’s charities, and helplines to provide the evidence base for policymaking and practical safety/empowerment initiatives in Europe.

Q. Any observations on the way American parents approach kids and technology compared to their European counterparts?

A. My sense is that parents’ expectations are greater in the US than in Europe, where we rely more on schools to guide kids, but also on kids themselves. For example, British parents generally do not check their child’s phone or laptop because the child’s right to privacy outweighs the parents’ duty to protect. I think American parents strike a different balance, considering that they have a right to check their phone because they pay the bill. As I see it, children have a right to privacy, but parents have a duty of care. That’s a difficult balancing act in any culture. My hope is that we find ways for parents and children to share responsibility and talk openly about risks rather than parents snooping on kids and kids finding ways to escape scrutiny.

Q. How can we make parents, educators, and policymakers aware that there is a difference between risk versus harm, and how should we be thinking about that?

Statistics on risk (for example, the proportion of children being exposed to online pornography) are inevitably higher than statistics on harm (for example, the proportion of children who are damaged, upset, or threatened by online pornography or other online risks). In our findings, around one in eight children aged 9–16 across Europe had seen explicit online sexual images, but only one in three of those said that was an upsetting experience. We can take different positions—some will decide that children don’t know what harms them and that all exposure to explicit porn is harmful; others will decide that children’s voices should be respected; there’ll be positions in between too. My main point is that this should be discussed.

Q. What is industry’s role in this discussion?

Two factors influence when risk turns into harm. The first depends on the child and the circumstances in which they use the Internet. A psychologically vulnerable child has less resilience when finding extreme images and is more readily upset. The second depends on the industry’s design of the online environment. If a mildly pornographic image links to more extreme images, risks can lead to harm. If a search for self-harm offers professional advice on sources of help (instead of peer advice on how to cut), risk may not lead to harm.

One hopes that multiple stakeholders—including industry, child welfare, and researchers—will discuss openly where the risks are arising and work together to minimize harm. Ideally, they’d find ways that don’t restrict children’s opportunities to explore and benefit from the Internet.

Q. What do you think parents struggle with the most, and what would you tell them to help calm their anxiety about their kid’s digital lifestyles?

I think parents struggle with two things in particular. The first is that the media are full of panicky headlines that raise fears of abduction, porn addiction, and cyberbullying, and it would help if the media could raise awareness in a more balanced and proportionate way. The second is that they struggle with protecting versus empowering their children. Parents want to trust their kids and respect their privacy. Stakeholders need to provide more nuanced and age-sensitive advice to guide parents. And parents should read the press more critically and listen to their children more sensitively.

Q. Kids are going online at increasingly younger ages. Most of our work focuses on reaching parents of children and teens, but who is thinking about the really young kids, 2–5-year-olds?

The marketing and content industries are thinking about very young kids as a new market. Despite claims of educational outcomes, there is very little evidence that it benefits kids to be going online so young. A few researchers are also studying the contexts and consequences of young kids’ Internet use, and I hope we see more of this in the future.

Q. Where is the online safety debate headed? There is talk about moving from a “safer” to a “better” Internet, and from protecting kids to empowering them. Is a shift taking place? What will the impact be?  

The argument for a better Internet for kids is a good one: there’s no point having a safe Internet if it has little that’s great for kids to do. Dealing with the risk of harm should become a ‘hygiene factor’: like immunizations against disease or reliable systems for clean water, life without good hygiene is problematic, even intolerable. Once those systems are in place, the important questions are about how society should be organized for positive goals. We are so preoccupied with eliminating threats that we’ve lost sight of what we want for the Internet. Remember those early debates about kids having the world of knowledge at their fingertips. What’s our present vision of what we want for kids? That’s where creative thinking is now needed.

Q. There has been a lot in the news from the UK recently. Any thoughts on what PM Cameron is trying to accomplish?

Our prime minister has put children’s Internet safety high on the political agenda. He is focused on eliminating child abuse images from the Internet. He has also insisted that all ISPs provide usable filters for parents. While welcoming both developments, I have two concerns. The first is that we will need new research to be sure that the benefits are reaching children: will children encounter fewer risks online, will their parents feel more empowered to deal with what worries them, and will this be achieved in ways that don’t restrict children’s rights to free expression, privacy, and participation. Second, government intervention online always raises concerns about wider freedom of expression, censorship, and rights. I would like to see an independent, accountable, trusted body established to oversee child protection and empowerment online in a way that responds to wider public concerns. This would also help ensure that Internet safety remains on the agenda.

Q. Lastly, the theme for Safer Internet Day in 2014 is “Let’s Create a Better Internet Together.” Will you be doing anything special to mark the day?

A. We plan to release the first part of our report on the qualitative work on kids’ perceptions of risk that I described earlier. But the findings are a secret till then! I will be in Brussels announcing the winner of the EC’s positive online content competition, of which I chair the jury. That’s a nice role—celebrating what’s good about the Internet for kids.

What is HTTPS?

January 21st, 2014 No comments

HTTP stands for Hypertext Transfer Protocol. It’s the language that is used to deliver information over the web, and it’s the first element you see in any URL.

Most web browsers (including Internet Explorer) use an encrypted protocol called Secure Sockets Layer (SSL) to access secure webpages. These pages use the prefix HTTPS. The “s” stands for secure.

If you’re just browsing the web and not entering any sensitive information, HTTP:// is just fine. However, on pages where you enter your password, credit card number, or other financial information, you should always look for the https:// prefix. If you don’t see the “s,” don’t enter any information that you want to keep secure.

For more information, see Privacy in Internet Explorer.