Microsoft Turns Focus On Privacy

But Microsoft has given short shrift to a second concern outlined in the so-called "Trustworthy Computing" memo - protecting privacy - except when forced by the government. With the hiring of a new privacy chief, the software company is hoping to improve its privacy record and keep government regulators at bay.

Peter Cullen will join Microsoft July 14 as its chief privacy strategist, leaving his position as corporate privacy officer for Royal Bank of Canada. Cullen is replacing former chief privacy officer Richard Purcell, who left earlier this year.

"What we want to focus on as a company is being more of a leader in this area and taking proactive steps," said Scott Charney, chief Trustworthy Computing strategist. "I expect to see going forward (Microsoft) get much more proactive in the way we address privacy issues, not wait for government regulators to say this is a good idea."

It's an encouraging step for a company that has not always had a good record on privacy issues, said Beth Givens, director of San Diego-based Privacy Rights Clearinghouse, a nonprofit consumer education group.

Microsoft has needed government prodding in the past to make changes, she noted, but said she is seeing some changes since Gates' memo urging the company to focus on making its software more secure from attacks and giving people control over their personal data.

Microsoft "appears to be making a very sincere effort to change its corporate culture," Givens said, but added, "It's going to take a little time."

In the past year, Microsoft has resolved concerns brought by the Federal Trade Commission and the European Union over how it treats data collected through its Passport service. Passport allows registered users to enter personal data just once and use a digital "passport" to enter multiple Web sites.

The FTC found that Microsoft made deceptive claims and misrepresented the security surrounding the design and use of Passport, and collected more information from consumers than it reported. Microsoft promised not to make future misrepresentations about the information it collects and to abide by specific security requirements.

Microsoft also made other changes to its Passport service, giving consumers more control over how their information is shared, in order to satisfy the European Union.

Charney acknowledged the company has most clearly focused on security, spending hundreds of millions of dollars combing through software code to eliminate flaws.

Privacy has not received nearly the same level of attention, he said. For one thing, he said, terrorism fears and customers' clamoring for secure software made security a top priority. Also, privacy is more difficult to define. People consider some data private that others would freely give out, he said.

But the company has made changes in new products such as its Windows Media 9 player. Microsoft also is revamping a "privacy health index" which helped evaluate employees' level of training and education on privacy issues.

In the months ahead, the company hopes to give Microsoft users a single way to access their personal data and control options for sharing that data, Charney said.