Thank you for sharing!

Your article was successfully shared with the contacts you provided.
On Aug. 8, Microsoft entered into a 20-year consent order with the Federal Trade Commission with respect to alleged failures of its Passport authentication service to protect the privacy and security of personal information. Hopefully, the consent order will result in ensuring the security of personally identifying information. PASSPORT Passport was designed to permit use of one sign-in to gain access to various Internet services. As part of Passport, Microsoft compiles a user’s ID, password and other personally identifying information, and this “wallet” follows a customer to enable the customer to participate in a number of online transactions. Among other services, Microsoft has utilized Passport for Hotmail and MSN Messenger e-mail services, Microsoft’s .Net Web service, Microsoft Reader e-book purchases and Microsoft Developer Network access. FTC ACTION The FTC filed a complaint, charging that Microsoft failed to comply with its own privacy statements about Passport. Specifically, the FTC alleged that Microsoft misrepresented (a) the security of Passport and the personal information that it stored, (b) the security of online purchases made with the Passport wallet, (c) the types of information Microsoft harvested from Passport users, and (d) the level of parental control over information collected as part of the Kids Passport service. CONSENT DECREE Microsoft ultimately settled with the FTC, resulting in a consent order that places fairly onerous requirements on Microsoft. First, Microsoft is expressly prohibited from misrepresenting personal information collected from customers, the extent to which its services will protect the privacy and security of personally identifiable information, steps to be taken to protect personal information, and the extent to which a service allows parents to control information about their children. Second, Microsoft is required to establish and maintain a comprehensive information security program in writing that is reasonably designed to protect the security of personally identifiable information. Third, within one year and then on a biannual basis, Microsoft is required to obtain a report from an objective, independent professional with respect to its security program and how that program protects personally identifiable information. Fourth, for a period of five years, Microsoft is required to maintain and make available to the FTC on request its representations to customers regarding Microsoft’s collection, use and security of personally identifiable information. Finally, the consent order by its own terms stays in effect for 20 years from the date of issuance, or 20 years from the date the FTC files a complaint relating to any violation of the order, whichever comes later. MOVING FORWARD One must think there was some fire where there was smoke, based on Microsoft’s agreement to the consent order. The order places real requirements on Microsoft, and we should hope that Microsoft will live up to its responsibilities in complying with the order. Eric J. Sinrod is a partner in the San Francisco office of Duane Morris, where he focuses on technology and litigation matters. His Web site is sinrodlaw.com and his firm’s site is Duane Morris.Mr. Sinrod may be reached by e-mail at [email protected]

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.