SEC303 Assessing and Managing Privacy in the Enterprise JC Cannon Privacy Strategist
Agenda Planning and assessing enterprise privacy Managing WMP & Office privacy settings Managing Internet-based Services in Windows Server 2003 Integrating P3P into your websites
Privacy Framework Push privacy features in PR & conferences Content on ms.com and MSDN privacy sites Interact with privacy leaders & analysts Privacy training for all teams Privacy analysis on features & components Privacy settings linked to group policy Turn off communications to the Internet Turn privacy settings off Protect access to data Privacy deployment guidelines Visible first-run experience Privacy response team creation PD 3 + Communications Privacy by Design Privacy by Default Privacy in Deployment Communications
Planning for Privacy Build a team of privacy professionals Provide privacy training for your entire company Create a corporate privacy policy Deploy the policy to each team in your company
Planning for Privacy Defining policy Define policy Ensure compliance Audit deployments Corporate Privacy Group Marketing HR Support Define processes Deploy to all teams Data handling Application deployment Partner relationships
Document Data Usage Things to look for Is the data encrypted during collection, storage, and transfer Is there physical and programmatic security for the data Is a good auditing mechanism in place How do users access their data Is there a retention policy
Document Data Usage Collection Storage Sharing Onward transfer
Documenting Applications Office Online help: Disabled CEI Program: Disabled IRM: Enabled Inventory all applications Determine a policy for privacy settings Use group policy where possible to enforce your policy
Partner Relationships Make sure that partners understand your privacy policies Understand their privacy practices Always have a signed agreement in place before exchanging data
Office 2003 Internet/Privacy Based Features Internet Help Office Update Information Rights Management Document metadata Spotlight feature updates links from the Internet Document templates assist with protecting data
Office 2003 Word Privacy settings
Office 2003 Administrative Templates
ADM file        Application
Office11.adm    Shared Office 11 components
Access11.adm    Microsoft Access 11
Excel11.adm     Microsoft Excel 11
Gal11.adm       Clip Organizer
Instlr11.adm    Windows Installer 2.0
Outlk11.adm     Microsoft Outlook 11
Ppt11.adm       Microsoft PowerPoint 11
Pub11.adm       Microsoft Publisher 11
Office 2003 Information Rights Management Works with Windows Server 2003 Rights Management Server Protects documents from invalid access Controls read, write, printing, and forwarding of documents Can be used for legislation compliance GLBA, HIPAA, and Patriot Act Based on visible, embedded address
Office 2003 Information Rights Management Author registers document Document goes to reviewer Reviewer gets document rights
Office IRM Permissions Dialogs
Office IRM Some things can’t be avoided
Controlling Office Privacy Settings demo
Windows Media Player 9 Overcoming Bad WMP 8 Practices Forgot to disclose new features in WMP 8 privacy statement Privacy expert announced, “MS can track the DVDs you watch.” Privacy settings were missing or vague Also, locally stored metadata lacked protection and access Responses to privacy issues were not coordinated
Windows Media Player 9 Install experience
Windows Media Player 9 Privacy settings
Controlling WMP9 Privacy Settings demo
Internet-Based Services Benefits Improve user experience Maintain high level of security and reliability Provide innovative features Reduce piracy
Internet-Based Services Misunderstandings No “backdoor” to obtain user data Microsoft does not sell, rent, or lease customer data to other companies
Internet-Based Services List for Windows Server 2003 Activation and registration Application Help Certificate Support Device Manager Driver Protection Dynamic Update Event Viewer File Association Help and Support Center HyperTerminal Internet Explorer 6.0 Internet Information Services Internet Protocol v6 NetMeeting Online Device Help Outlook Express 6.0 Plug and Play Program Compatibility Wizard Remote Assistance Search Companion Windows Error Reporting Windows Media Player Windows Time Service Windows Update
Windows Error Reporting Error Dialog
Windows Error Reporting Settings
Controlling Windows Error Reporting Privacy Settings demo
Windows Update Settings
Controlling Windows Update Privacy Settings demo
Using Group Policy to Control Privacy Settings demo
Internet Explorer 6.0 Privacy Features P3P based privacy functionality Permits cookie management Based on domain name Based on cookie type Based on level of desired privacy Integrating P3P improves trust
Internet Explorer 6.0 Privacy settings
Building P3P Content Policy Reference Page HTML Policy Page XML Policy Page Compact Policy Definition
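The compact policy definition is the piece of P3P content a site sends in an HTTP response header, alongside a pointer to the policy reference page. The following is an added example, not part of the original presentation: a small reviewer's check that parses a P3P header value and validates its compact-policy tokens against the P3P 1.0 vocabulary. The sample header, the `/w3c/p3p.xml` path and the "missing element" lint rule are assumptions of this example.

```python
import re

# Compact-policy tokens from the W3C P3P 1.0 specification, grouped by element.
VOCAB = {
    "access": "NOI ALL CAO IDC OTI NON",
    "disputes": "DSP",
    "remedies": "COR MON LAW",
    "non-identifiable": "NID",
    "purpose": "CUR ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OTP",
    "recipient": "OUR DEL SAM UNR PUB OTR",
    "retention": "NOR STP LEG BUS IND",
    "categories": "PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV OTC",
    "test": "TST",
}
GROUP_OF = {tok: grp for grp, toks in VOCAB.items() for tok in toks.split()}
# A consent suffix (a = always, i = opt-in, o = opt-out) is only defined for
# purposes other than CUR and recipients other than OUR.
SUFFIX_OK = {t for t, g in GROUP_OF.items()
             if g in ("purpose", "recipient") and t not in ("CUR", "OUR")}

# Constructed sample header value; the path and token choice are illustrative.
SAMPLE_HEADER = 'policyref="/w3c/p3p.xml", CP="NOI DSP COR CUR ADMa DEVo OUR STP XYZ"'

def parse_p3p_header(value):
    """Return (policyref, [compact-policy tokens]) from a P3P header value."""
    fields = {k.lower(): v for k, v in re.findall(r'(\w+)\s*=\s*"([^"]*)"', value)}
    return fields.get("policyref"), fields.get("cp", "").split()

def check_compact_policy(tokens):
    """Group valid tokens by element and list problems a reviewer should see."""
    groups, problems = {}, []
    for tok in tokens:
        base, suffix = (tok[:3], tok[3:]) if len(tok) == 4 else (tok, "")
        bad_suffix = suffix and (suffix not in "aio" or base not in SUFFIX_OK)
        if base not in GROUP_OF or bad_suffix:
            problems.append(f"invalid token: {tok}")
        else:
            groups.setdefault(GROUP_OF[base], []).append(tok)
    # Lint rule chosen for this example: a policy that describes identifiable
    # data should state purpose, recipient and retention.
    if "non-identifiable" not in groups:
        for required in ("purpose", "recipient", "retention"):
            if required not in groups:
                problems.append(f"missing {required}")
    return groups, problems

if __name__ == "__main__":
    ref, tokens = parse_p3p_header(SAMPLE_HEADER)
    print(ref, check_compact_policy(tokens))
```

The check covers header syntax only; it does not model how Internet Explorer 6.0 maps a compact policy to a cookie decision at each privacy level.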
Using Windows in a Managed Environment Location of White Papers Windows XP SP1 ntain/xpmanaged/00_abstr.asp Windows 2000 SP3 0pro/maintain/w2kmngd/00_abstr.asp Windows Server er2003/maintain/security/ws03mngd/00_abstr.asp
Other Resources Internet Explorer Administration Kit aintain/xpmanaged/00_abstr.asp Deploying P3P on your website iew/createprivacypolicy.asp Office 2003 Resource Kit
© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.