Microsoft Case Study

Having IAPP certification has created a valuable peer group for Microsoft’s privacy professionals.
Kim Howell, CIPP/US
Director of Privacy and Online Safety Policy, Microsoft

Have a representative from the IAPP contact me











1 2-5
6-10 10+
How Microsoft Leveraged IAPP Certification and Training to Enhance a Privacy-aware Culture and Build Customer Trust
Sector:
Technology
Headquarters:
Redmond, WA
Number of CIPPs:
100+
Number of IAPP Privacy Trained:
100+

OVERVIEW

As Microsoft’s technology has evolved from traditional software to online services and cloud computing, privacy has become increasingly essential to its business. With the help of the IAPP, and thanks to a corporate culture that emphasizes privacy, Microsoft now boasts more than 100 IAPP-trained and CIPP-certified professionals throughout the company, as well as a corporate culture that emphasizes the importance of privacy.

Next: Challenges

Return to Case Studies

CHALLENGES

User Trust and Employee Education

The launch of MSN online services in the mid-1990s involved data collection and advertising, which meant handling sensitive information. Microsoft needed to ensure their customers understood how that information was being handled. Kim Howell, CIPP/US, Microsoft’s Director of Privacy and Online Safety Policy, explains: “It was important that the customer felt that they were in control and could trust us with that information.”

Microsoft sought a way to make it clear to the company as a whole that its users’ privacy was important. The goal was to make sure that the people with the authority to sign off on high-risk privacy reviews had the knowledge necessary to make sure those assessments were done correctly.

Next: Solution

Return to Case Studies

SOLUTION

A Privacy-Focused Culture that Emphasizes Privacy Training and CIPP Certification

Microsoft fosters a company-wide commitment to privacy, which extends beyond privacy managers to departments across the organization. Through a special licensing agreement with the IAPP, training is made available to all employees online via the Microsoft Intranet, and employees are encouraged to test for the CIPP and attend IAPP conferences. Of the more than 100 CIPP-certified professionals at Microsoft, only half are privacy managers. The other half are in adjacent professions, including developers and engineers. These individuals serve as the eyes and ears of privacy, and funnel issues up to the privacy managers. Says Howell, “Employees like to be certified; they find it gives them a greater understanding of their job.”

Microsoft also works hard to help privacy managers maintain their knowledge with innovative continuing education programs. They have implemented an annual “upgrade” where the IAPP comes to the Microsoft campus and updates them on what is happening in the privacy field. In addition, they established a Community Enablement Program, which holds regular monthly meetings with privacy managers (currently 80 of them), and weekly office hours.

Next: Results

Return to Case Studies

RESULTS

Better Decision-Making, Improved Productivity, Sense of Community

Many Microsoft employees voluntarily go through the CIPP program to help them understand the value of privacy, even if it’s not their primary responsibility. What began as a grass roots effort has resulted in Microsoft having more CIPPs than any other organization in the world. By fostering a company-wide commitment to understanding privacy, processes have become more fluid, and employees are better equipped to make critical decisions and identify privacy risks. “The more ingrained privacy is in people’s work, the easier it is not to have to correct things at the last minute,” Howell says.

Widespread CIPP certification and training makes it easier for privacy to be impactful because it becomes part of the process and product cycle. “People are building privacy in from the beginning and then privacy managers are just coming in and double-checking that they have followed privacy protocol,” explains Howell. This has resulted in improved productivity across the company.

Unlike developers and engineers that have a well-documented career path, privacy is still somewhat undefined. The IAPP has helped Microsoft’s CIPPs to define a career path, and enabled them to feel part of a larger community. “Having IAPP certification has created a valuable peer group for Microsoft’s privacy professionals,” says Howell.

Next: Next Steps

Return to Case Studies

NEXT STEPS

Further Increase Awareness and Enhance the Number of CIPPs

Microsoft is committed to continuing to increase awareness of privacy across the organization. In order to ensure that employees are working from the same knowledge baseline company-wide, Microsoft is working with the IAPP to create a program that results in CIPP certification with an addendum that includes Microsoft standards.

Download the PDF

Return to Case Studies

For more information about group certification and privacy training, contact us at sales@privacyassociation.org or +1 603.427.9200.