Privacy in software development

Privacy in Software Development

Secure software made easier

Agenda

  • Privacy Basics

  • Privacy Guidelines for Developing Software and Services

    • Section I: Definitions and Concepts

    • Section II: Development Scenarios and Guidelines

  • Driving Privacy Compliance

  • Additional Resources

Purpose & Scope


  • Provide an introduction to privacy guidelines for developing software and services.


  • Product

  • Services

  • Website privacy guidelines

Learning Objectives

Upon completion of this course, you should be able to:

  • Describe principles and impacts of privacy compliance.

  • Define best practices for collecting, storing and using personal data.

Privacy and Security

  • Privacy: Empowering users to control collection, use, and distribution of their personal information.

  • Security: Establishing protective measures that defend against hostile acts or influences and provide assurance of defense.

  • Privacy AND Security are key factors for trust.

Data Types

  • Anonymous Data

  • Pseudonymous Data

  • Personally Identifiable Information (PII)

  • Sensitive PII

  • Note: Information associated with PII must be treated as PII

Data Types: Anonymous

  • Is not unique or tied to a specific person.

  • Includes: Hair color, system configuration, method of purchase, statistics distilled from many users.

Data Types: Pseudonymous

  • Unique identifier does not identify a specific person, but could be associated with an individual.

  • Includes: Unique identifiers, biometric information, usage profiles not tied to a known individual.

  • Until associated with an individual, data can be treated as anonymous.

Data Types: PII


  • Data that identifies (or can be used to contact or locate) a specific individual.

  • Includes: Name, address, phone number, fax number, email address, or any information associated with PII.

Data Types: Sensitive PII


  • A subset of PII that has special requirements due to higher risk associated with the data.

  • Includes: Medical and/or financial data, national ID numbers (e.g., SSN), and credit card information.

  • Also includes data that could be used to discriminate (i.e. race/ethnicity; political, religious or philosophical beliefs; union membership).

AOL Search Data: Aug. 2006

A Face Is Exposed for AOL Searcher No. 4417749

Notice and Consent Fundamentals

  • Please send me the latest information on special offers of Xbox® games.

Notice and Consent Continuum

Privacy Risk

Implicit Opt-Out Explicit Opt-In Explicit

  • Redirecting the user’s Internet searches

  • Transfer of PII and Sensitive PII

  • Local Storage of Hidden PII

  • Use of PII for Secondary Purposes

  • Local Storage of Sensitive PII

  • Installation of Software

  • Adding a toolbar to the user’s web browser

  • One-time Transfer of Anonymous Data

  • Enabling Automatic Update

  • Displaying web site when a user clicks a link

  • Ongoing Transfer of Anonymous Data

  • Modifying the user’s browser settings

Data Minimization

Collect personal information from individuals only for the purposes identified in the provided privacy notice, and only to provide the product or service the individual has requested or authorized.

Other Concepts

  • Privacy controls

  • Shared computers

  • Children’s privacy

  • Software installation practices

  • Server products

  • Pre-release products

  • Essential transfers and updates

Scenarios

  • Scenario 1: Transferring PII to and from the user’s system

  • Scenario 2: Storing PII on the user’s system

  • Scenario 3: Transferring anonymous/pseudonymous data from user systems

  • Scenario 4: Installing software on a user’s system

  • Scenario 5: Deploying a web site

  • Scenario 6: Storing and processing user data at the company

  • Scenario 7: Transferring user data outside the company

  • Scenario 8: Interacting with children

  • Scenario 9: Server Deployment


Scenario 1

Transferring PII To and From the User’s System

Examples

  • Sending product registration to the company.

  • Transferring a file containing hidden PII.

  • Submitting data entered by the user in a Web form.

  • Transferring financial information to a web service.

  • Displaying profile information stored at the company to the user.

Notice and Consent

Value Proposition

Privacy Impact

Discoverable Notice

Explicit Opt-in Consent

Notice and Consent (cont.)

Should clearly distinguish in user interface (UI) between optional and required items.


Notice and Consent (cont.)

Must provide prominent notice and get explicit consent if PII being transferred will be used for secondary purposes (e.g., marketing).

Security and Data Integrity

Must transfer Sensitive PII using a secure method that prevents unauthorized access.

Should transfer PII using a secure method that prevents unauthorized access.

Security and Data Integrity (cont.)

Run controls on server for assurance.

Customer Controls

The user must be able to control automatic collection and transfer of PII.

Facebook Beacon: Dec. 2007

  • Meant to provide “trusted referrals” on the Facebook profile.

  • Broadcast off-Facebook activities (e.g., purchases at online retailers, reviews at other sites, auction bids) in the user’s profile without consent.

  • Many Facebook users closed their accounts in response.

Facebook Beacon: Outcome

  • Users are asked to approve the broadcast of each off-network behavior before it becomes visible in the user’s profile.

  • Privacy advocates filed complaint with the FTC.

  • Users can now opt-out completely.


  • allowed users to view purchases going back 10+ years.

  • Using only name, phone number and street address, you could view purchases of any user.

  • Feature was quickly removed.

  • $5 million class action suit was filed shortly thereafter.


Scenario 2

Storing PII On the User’s System

Examples

  • Storing the user’s contacts.

  • Caching Web pages that contain PII.

  • Storing PII in cookie.

Notice and Consent

  • Must provide user with notice and get consent prior to storage of Sensitive PII, or when storing PII in a persistent cookie.

  • Should provide Discoverable Notice describing what data is stored and how to control prior to storing Hidden PII (e.g., metadata).

Customer Controls

Users should be able to:

  • Control whether PII is stored.

  • Delete any PII stored on the user’s system, including Hidden PII.

Users must be able to view and edit stored PII they entered.

Scenario 3

Transferring Anonymous/Pseudonymous Data From User Systems

Examples

  • Anonymous monitoring by an ISP to assess the quality of an Internet connection.

  • Sending anonymous error reports to the company.

Notice and Consent

Ongoing: Must provide user with Prominent Notice, and get Explicit Consent prior to collection.

Notice and Consent (cont.)

One-time: Must get consent from the user prior to transfer, and provide Discoverable Notice.

User and Administrator Controls

Ongoing: User must be able to stop subsequent collection and transfer.

Scenario 4

Installing Software On a User’s System

Examples

  • Installing a boxed product.

  • Installing a download.

  • Installing automatic updates.

  • Installing ActiveX controls.

Notice and Consent

  • Must provide Prominent Notice and get Explicit Consent before:

Notice and Consent (cont.)

  • Should provide Prominent Notice in the UI when privacy settings are migrated.

  • Should not migrate a privacy setting on an upgrade if the meaning of the privacy setting has changed.

  • Should not migrate any privacy settings from a pre-release version to a final release version.

Security

Should digitally sign software with a certificate from a well-known, trusted authority to help ensure integrity.

Controls

  • Use standard mechanisms that allow users to control installation and uninstallation.

  • User must be able to stop subsequent updates.

  • Administrator must be able to enable/disable ongoing update mechanisms.

Zango: Nov. 2006

  • One of world’s largest distributors of adware (usually bundled with “lureware”).

  • Adware sends Internet usage data to Zango, and displays pop-up ads based on usage.


Scenario 5

Deploying a Website

Example

  • Creating a web portal directed at consumers.

Notice and Consent

Must provide a link to company-approved Privacy Statement on every web page.

Use of Cookies

  • Must not use persistent cookies where a session cookie would satisfy the purpose.

  • Should not store PII in a persistent cookie unless absolutely necessary.

  • Must get Explicit Opt-In Consent from user for persistent cookies that store PII.
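
The three cookie rules above, applied to Set-Cookie header values, as an added example that is not part of the original presentation. The PII patterns, the `needs_persistence` and `pii_opt_in` parameters and the sample headers are assumptions made for illustration.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import unquote

# Heuristic PII detectors (assumption: e-mail and phone only; extend per data inventory).
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "phone": re.compile(r"\+?\d[\d\s().-]{8,}\d"),
}

# Constructed sample Set-Cookie header values.
SAMPLES = {
    "session": "sid=abc123; Path=/; HttpOnly",
    "cart": "cart=42; Max-Age=86400; Path=/",
    "profile": "user=alice%40example.com; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/",
}

def is_persistent(morsel):
    """Expires or a positive Max-Age makes the cookie outlive the browser session."""
    max_age = morsel["max-age"]
    if max_age != "":
        return int(max_age) > 0  # Max-Age <= 0 tells the browser to delete it
    return morsel["expires"] != ""

def audit_set_cookie(header, needs_persistence=False, pii_opt_in=False):
    """Return (cookie, level, reason) for each cookie rule the header breaks.

    needs_persistence: the cookie's documented purpose cannot be met by a session cookie.
    pii_opt_in: the user gave Explicit Opt-In Consent to storing PII in this cookie.
    """
    findings = []
    jar = SimpleCookie()
    jar.load(header)
    for name, morsel in jar.items():
        if not is_persistent(morsel):
            continue  # session cookie: these three rules do not apply
        if not needs_persistence:
            findings.append((name, "MUST NOT", "persistent cookie where a session cookie suffices"))
        value = unquote(morsel.value)  # PII is often percent-encoded in cookie values
        kinds = [k for k, rx in PII_PATTERNS.items() if rx.search(value)]
        if kinds:
            findings.append((name, "SHOULD NOT", "PII in persistent cookie: " + ", ".join(kinds)))
            if not pii_opt_in:
                findings.append((name, "MUST", "no Explicit Opt-In Consent for PII in persistent cookie"))
    return findings
```

Running it over response headers captured in a test environment gives a per-cookie list to review against the cookie inventory before release.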


Scenario 6

Storing and Processing User Data at the Company

Examples

  • Storing user data in database or web log.

  • Generating statistics from collected user data.

  • Transferring data from one internal group to another internal group.

Security and Data Integrity


  • Store PII using appropriate security mechanisms to help prevent unauthorized access.

  • Restrict PII access to those with a need to know, and revoke access when no longer needed.

  • Store minimum amount of data, for the shortest amount of time necessary to achieve business purpose.

  • Maintain data integrity.

Access

  • Provide a secure mechanism for users to access and correct stored PII.

  • Authenticate users via a company-approved process before collecting, displaying, or modifying PII or contact preferences.

BJ’s Warehouse

  • Obligations

  • Do what you say.

  • Keep personal information secure, regardless of wording used in Privacy Statement.

  • Complaint: Alleged that BJ’s did not employ reasonable and appropriate measures to secure PII collected at its stores (no reference to representations in privacy statement).

  • Settlement: (1) maintain comprehensive ISP, (2) biannual independent audits of security program for 20 years.


Scenario 7

Transferring Data Outside of the Company

Examples

  • Sending PII from the company to an agent.

  • Sending PII from the company to an independent third party that will use PII for its own purposes.

Notice and Consent

To share PII with an independent third party:

  • Provide separate Explicit Opt-In Consent mechanism.

  • Provide link to third party Privacy Statement.

To share PII with an agent:

  • Discoverable Notice is required.

  • Limit use to what was disclosed at point of collection.


Scenario 8

Interacting With Children

Examples

Note: These rules apply only to the U.S., South Korea and Spain, where they are legal requirements.

  • Hosting a website intended to help elementary school children with their homework.

  • Collecting a user’s age or birth date on a website that is not inherently attractive to children.

  • Under 13: The United States

  • Under 14: Spain, South Korea

Notice and Consent

  • IF:

  • Site or service is attractive to or directed at children;

  • Site collects, uses or discloses user PII;

  • The user is underage;


  • Age should be collected in a manner that doesn’t encourage children to lie.

  • Session cookies should be used to prevent children from back-clicking to change their age.

  • THEN:

  • Collect age of all users.

  • Block PII collection and disclosure; OR

  • Notify parent, and obtain consent prior to collection, use or disclosure.

Access

Must provide parents reasonable access to information collected from their children.

Xanga.com and COPPA: Sept. 2006

  • Social networking site

  • FTC alleged Xanga had actual knowledge they were collecting and disclosing personal information from children under 13.

  • Site stated that individuals under 13 could not join.



Scenario 9

Server Deployment

Examples

  • Software installation in an enterprise.

  • Storage of user data in an enterprise.

  • Transfer of user data outside enterprise firewall.

Notice and Consent

  • Must disclose any known privacy implications for server features.

  • Must get Explicit Opt-In Consent from administrator prior to transfer of data from the server over the Internet.

  • Must identify or provide a mechanism that allows a system administrator to restrict overall access to user data.

  • Must identify or provide a mechanism for an Application Administrator to protect stored user data from unauthorized Instance Administrators.

  • Must identify or provide a mechanism for an Instance Administrator to protect user data.

Explicit opt-in consent

Controls

  • Should identify or provide a mechanism to help an Instance Administrator prevent disclosure of user data.

  • Should provide a mechanism that allows an administrator to manage distribution of data outside the organization or firewall.

Summary

You should now understand:

  • Privacy principles.

  • Impacts of Privacy noncompliance.

  • Guidelines for collecting, storing and using personal data.

Resources

For more information see:

“Privacy Guidelines for Developing Software Products and Services”

  • 83ec-a18d1ad2fc1f&displaylang=en


  • SDL Portal

  • SDL Blog


  • SDL Process on MSDN (Web)


  • SDL Process on MSDN (MS Word)



© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.