Microsoft Calls for National Privacy Law
Here’s some good news from Microsoft:
In an eight-page document released on Capitol Hill today, Microsoft outlined a series of steps it would like to see Congress take to preempt a growing number of state laws that impose varying requirements on the collection, use, storage and disclosure of personal information.
According to the press release:
[Microsoft’s senior vice president and general counsel Brad] Smith described four core principles that Microsoft believes should be the foundation of any federal legislation on data privacy:
- Create a baseline standard across all organizations and industries for offline and online data collection and storage. This federal standard should pre-empt state laws and, as much as possible, be consistent with privacy laws around the world.
- Increase transparency regarding the collection, use and disclosure of personal information. This would include a range of notification and access functions, such as simplified, consumer-friendly privacy notices and features that permit individuals to access and manage their personal information collected online.
Provide meaningful levels of control over the use and disclosure of personal information. This approach should balance a requirement for organizations to obtain individuals’ consent before using and disclosing information with the need to make the requirements flexible for businesses, while avoiding bombarding consumers with excessive and unnecessary levels of choice.
- Ensure a minimum level of security for personal information in storage and transit. A federal standard should require organizations to take reasonable steps to secure and protect critical data against unauthorized access, use, disclosure modification and loss of personal information.
Here’s Microsoft’s document, with a bunch more details.
With this kind of thing, the devil is in the details. But it’s definitely a good start. Certainly Microsoft has become more pro-privacy in recent years.
Fred F. • November 7, 2005 12:41 PM
If you look at their last 10-K they are worried about being the target of law suits which they are pretty protected for in the US by their EULA but that has never been testen in court. The wind may be changing and they probably identified that as a big risk with this being CYA due diligence.