Microsoft on the Issues
https://blogs.microsoft.com/on-the-issues
News and perspectives on legal, public policy and citizenship topics
Fri, 26 May 2017 18:35:22 +0000

Sharing new customer resources for EU’s General Data Protection Regulation
https://blogs.microsoft.com/on-the-issues/2017/05/26/sharing-new-customer-resources-eus-general-data-protection-regulation/
Fri, 26 May 2017 18:31:45 +0000

Microsoft on ‘Trust, Privacy and the GDPR’ – webinar replay available now

Meeting the requirements of the European Union’s landmark General Data Protection Regulation (GDPR) by May 25, 2018 is a pressing topic for many organizations worldwide. In our effort to provide customers with helpful GDPR compliance resources, we hosted a GDPR webinar with a panel of thought leaders earlier this week titled, “Microsoft on Trust, Privacy and the GDPR.” I’ve outlined some highlights from the discussion below. The on-demand video replay is available here.

[Image: Microsoft corporate vice president Julia White speaks to four participants during webinar]

Microsoft Corporate Vice President Julia White discusses the GDPR with (top row, left) Bojana Bellamy, president of the Centre for Information Policy Leadership; Valerie Abend, Accenture’s Global Lead for Cyber Regulation; (bottom row, left) Angela Saverice-Rohan, EY Americas’ Data Privacy Lead; and Brendon Lynch, Microsoft Chief Privacy Officer.

GDPR webinar highlights

When I announced our commitment to GDPR compliance back in February, I laid out three areas where you can count on Microsoft: to provide technology solutions that help you meet your GDPR needs, to back up our commitments in our contracts, and to share our experiences so that you can plan your own path to GDPR compliance.

In our webinar, Julia White, Microsoft corporate vice president, Microsoft Azure & Security, detailed our progress in helping customers with their journey to GDPR compliance. Julia discussed how the Microsoft Cloud, including Office 365, Dynamics 365, Azure and Azure data services, Enterprise Mobility + Security, and Windows 10, can help customers on their GDPR compliance journey. We have also backed up our commitments through our contracts. And, as our webcast demonstrates, we are sharing our experience, and our partners’ experiences, with you along the way.

We are now one year from the GDPR going into effect and we’re hearing from our customers and partners that there is still much work to be done. We hope our webcast is useful and that you will continue to turn to Microsoft to help with your compliance needs.

Addressing GDPR challenges with the Microsoft Cloud

I’ve had an array of conversations with customers about the work they are doing to translate privacy regulations into business practices and technology solutions. It is clear that data is now a critical asset for all organizations, and that the GDPR will drive a transformational shift in how they govern data. Our customers also recognize that their GDPR-prompted data governance investments will help create more agility and support innovation across their organizations.

In the webinar, Bojana Bellamy, president of the Centre for Information Policy Leadership, offered advice to companies still evaluating how to meet their compliance obligations. “As the GDPR raises the privacy bar to a new level, I think cloud computing is going to help many organizations manage their data better and ultimately be more protective for an organization,” Bellamy said. “If they work with the right trusted partners, it will go a long way towards satisfying their GDPR compliance.”

Multinational organizations delivering products and services on a global basis want to deliver a consistent privacy experience for all their customers. That is where the Microsoft Cloud is an optimal solution, helping expedite their journey to GDPR compliance.

A year seems like a long time, but when you consider how much needs to be done by many organizations, the GDPR deadline will be upon us sooner than we realize. As I talk with customers, I have advised them to take a few simple steps to prepare. First, organizations need to discover where all their personal data resides. Once it has been identified, they then need to carefully think through how that data is accessed, used and managed. Second, organizations should establish security controls that prevent, detect and respond to breaches and develop procedures to address data requests, report breaches and keep records.

In addition, it is critical to get top management on board now. The requirements of the GDPR span the company. The chief information security officer, privacy team and the business owners of data need to come to a consensus on a thorough strategy. Organizations that take this kind of comprehensive approach today are going to set themselves up for success a year from now.

Supporting your GDPR journey

We understand that one of your biggest challenges in the coming year is adapting to changing privacy regulations. As the GDPR deadline draws near, we will continue to share resources and tools to help you move forward on your path to GDPR compliance.

Keep up to date by visiting our Microsoft Trust Center: The General Data Protection Regulation webpage, which we continue to expand as we address GDPR customer needs and requests. You can also join our security, privacy and compliance forum. There you can discuss GDPR issues with experts from the ecosystem of partners and consulting firms that we collaborate with, and get best practices from Microsoft’s own privacy and security professionals. As Microsoft improves our products to simplify GDPR compliance and prepares our own business for GDPR compliance, we are dedicated to helping our customers do the same.

On behalf of Microsoft, I want to thank Bojana Bellamy; Valerie Abend, Accenture’s Global Lead for Cyber Regulation; and Angela Saverice-Rohan, EY Americas’ Data Privacy Lead, for lending their invaluable GDPR insights to the webinar discussion. Data governance and protection are shared responsibilities between Microsoft as a technology provider and our partners and customers – we are all on this GDPR journey together.

How the Microsoft Cloud can accelerate your GDPR compliance for the EU
https://blogs.microsoft.com/on-the-issues/2017/05/24/microsoft-cloud-can-accelerate-gdpr-compliance-eu/
Wed, 24 May 2017 13:08:53 +0000

The European Union’s new General Data Protection Regulation (GDPR) takes effect a year from tomorrow. While some companies have already started working toward GDPR compliance, Gartner believes that less than 50 percent of all organizations will fully comply with the GDPR when it goes into effect on May 25, 2018, writes Julia White, Microsoft corporate vice president of Azure, Hybrid Cloud, Enterprise Security and Management.

“We know that the cloud can help dramatically increase that compliance rate, and we are dedicated to helping our customers on this journey,” White says.

Nearly a decade ago, Microsoft established its Trusted Cloud Principles to guide Microsoft Cloud technology, White says. “These principles include security, privacy, compliance and transparency. These investments align closely with the intentions of the GDPR, and because of this, the Microsoft Cloud can uniquely provide an expedited journey to GDPR compliance.”

To learn more, read White’s post on The Official Microsoft Blog.

Suzanne Choney
Microsoft News Center Staff

Empowering a more accessible and inclusive world
https://blogs.microsoft.com/on-the-issues/2017/05/18/empowering-more-accessible-inclusive-world/
Thu, 18 May 2017 16:07:49 +0000

With the right tools, there are no limits to what people can achieve, including people with disabilities. So today has special meaning: It’s the sixth Global Accessibility Awareness Day focused on raising awareness of digital accessibility to build a more accessible and inclusive world, and a great day to reflect on the journey, past, present and future.

As many of you know, our mission at Microsoft is to empower every person and every organization on the planet to achieve more. Technology can play a tremendous role in each of our journeys to reach our goals. Recently, we’ve had a lot of fun sharing some of the ways we are committed to accessibility and inclusion. Last week at Microsoft Build, Harry Shum, executive vice president of Artificial Intelligence & Research, shared technology that is already having an impact on my life: Real-time captioning in PowerPoint, which is currently in preview and leverages an add-in powered by Microsoft Translator live. This translates speech into one of 10 languages, but also provides speech-to-text with an incredible level of accuracy for folks like me with deafness. Can’t wait for you to try it. In addition, Terry Myerson, executive vice president of the Windows and Devices Group, demoed Narrator developer mode during his Windows keynote, and CEO Satya Nadella closed his keynote with details of new research into technology for people with Parkinson’s called Project Emma. If you haven’t watched the video, please stop what you’re doing and check it out (have tissues nearby).

Sharing stories like Emma’s of how technology can help transform lives inspires us all. It helps to drive awareness and highlight the momentum that accessibility has right now in the world. At Microsoft, it drives us to invest more because accessibility is one of the clear paths to empowerment. Today, I want to share some of the latest and greatest things happening in schools, workplaces and the world of technology, and also some new training and awareness materials we’re launching today. There is a lot to talk about! Let’s get into it.

Empowerment in schools and the workplace

Yesterday I spent the morning with a great group of students with disabilities who are in the USBLN mentor program, getting ready to graduate and looking at employment. It was a reminder that how we help prepare students for their journey in this world will set the stage for all that they can achieve. Achievement begins with access, and to help educators ensure students with disabilities have equal access to information in classrooms, we are today launching a new Microsoft Educator Community course on creating accessible classroom content. This training series is brought to you by Microsoft Innovative Educators who work in Special Education, and over the course of 10 short videos, guides you on how to ensure your classroom is inclusive for everyone. Simple steps, but each of them matters.

Content matters. So does technology. I love the stories those in special education share with us about what students around the world are achieving with free, inclusively designed technologies such as Learning Tools Immersive Reader, OneNote and Office Lens. Learning Tools, introduced in OneNote and now built into Word, is helping students with dyslexia learn to read in new ways. The kids in the video are so authentic in showing how using the reader has impacted them, from reading rates to understanding what success feels like. Much of the success has been via OneNote, which is a powerful collaboration tool that meets the needs of the modern teacher and student. Aligned with our core value of inclusiveness, we redesigned OneNote to bring consistency, accessibility and ease-of-use across all platforms to empower every student. The new redesign for OneNote is rolling out for Windows 10, Mac, iOS, Android and on the web over the coming weeks. 

With Windows, we continue to deliver accessibility features that enable you to do more. The Windows 10 Creators Update continued the journey of accessibility improvements across the spectrum of disability. For people with visual impairment and blindness, we enabled the installation of Windows without sighted assistance, delivered improvements to Narrator and launched the ability to use braille devices with Windows. For the deaf and hard of hearing, mono audio launched to send sounds across left and right ears. And for everyone, improvements to Microsoft Edge, including Read Aloud and text spacing, make it easier to read and enjoy text; that includes people with learning disabilities such as dyslexia, emerging readers and English Language Learners. The goal is to make Windows the operating system people love for working, learning and playing.

Later this year, new features are coming that will benefit people who are blind or have low vision, and people with reading- and writing-related disabilities. We have published those today in a new blog from the Windows team and strongly suggest checking it out. It shows our ongoing commitment to first- and third-party experiences, and I’m so excited about automatic alternative text and color filters, as well as additional Learning Tools in Edge!

We also recently announced Windows 10 S, which promises devices with faster boot times and improved security and reliability. We believe Windows 10 S is great for many customers; however, if you are using third-party assistive technology apps not currently available in the Windows Store, we will be offering a switch to Windows 10 Pro at no additional charge. More details on that when Windows 10 S becomes available.

Lastly, I do want to make sure that our customers saw the announcement from GW Micro that sales of the Window-Eyes screen reader have ended in the United States and Canada. GW Micro will honor existing product purchases and software maintenance agreements and will continue to provide technical support to end users, and it is offering JAWS for Windows as a replacement. Independent of this, we will also be ending the current Window-Eyes screen reader license offer at the end of June, although GW Micro will continue to allow the download of Window-Eyes for free on its own.

Planning the future with smart cities for all

In addition to helping students and professionals, we recognize that civic leaders and the populations they serve have growing needs for resources that are more inclusive. It’s a hot topic in every city I visit. We’ve invested in technologies that can help create inclusiveness between governments and citizens, and in collaboration with G3ict and World Enabled, we recently launched the Smart Cities for All Toolkit. The mission of the Smart Cities for All initiative is to define the state of accessible technology in cities worldwide with a focus on closing the digital divide for people with disabilities and older people. Based on the initiative’s research and insights from a survey of experts around the world, most of today’s Smart Cities are not fully accessible.

The toolkit aims to empower city leaders with resources that will lead to communities that are more inclusive. Resources include guides for implementing ICT accessibility standards and procurement policies, ideas for how to make the case for a stronger commitment to digital inclusion, and a framework for a database of accessibility solutions. It’s a great start in moving the bar of inclusion in cities.

Driving inclusion in the workplace

Now let’s talk people. Disability is a strength. Having people with disabilities as part of your organization empowers the group, team and company to build products and services that reflect the diverse needs of our global customers. So we are focused on hiring, but also building an inclusive culture, which we believe is at the core of building a long-term successful organization.

We recently sponsored the Autism @ Work Summit, bringing together industry experts with businesses looking to start inclusive hiring programs and together look for ways to help more candidates break through traditional barriers to gain competitive employment. This year, Microsoft hosted the first Autism @ Work virtual career fair, providing candidates with autism a unique online experience to meet with recruiters at companies that are looking for talent. Several employers had virtual job booths staffed by online recruiters, including AT&T, EY, Ford, HPE Dandelion, JP Morgan Chase, Microsoft, NCR and SAP. What we are learning from these events is there is still a lot to do when it comes to disability inclusion and accessibility, but working together will accelerate all of our efforts to find talent.

One of the crucial elements to our broad inclusion programs has been building awareness both internally and externally. We’ve worked (and continue to work!) to update our new Microsoft Accessibility homepage and share additional resources to our global customers. Last year, the entire Microsoft workforce (over 100,000 folks!) received training that aimed to reinforce Microsoft’s commitment to accessibility and inclusion. We then developed additional resources for employees to learn more about the various topics that surround disability inclusion and accessibility. Today we are releasing an Introduction to Disability and Accessibility that includes segments from some of our internal training collateral. Grab a cuppa tea and watch! It’s made a difference at Microsoft, and I know it can raise awareness for these important topics at your organization, too.

We want your feedback

If you are reading this and want to get involved, know we NEED your feedback! Feedback is an incredible gift and crucial if we are to really grasp the opportunity to improve the accessibility and usability of our products and services. There are so many ways you can give feedback to us, including the Microsoft Accessibility UserVoice forum. However, the one I want to highlight today is our Most Valuable Professional (MVP) Accessibility Award category, which we have relaunched.

The Microsoft MVP Award is a unique opportunity to join an elite group of accessibility technology experts who make outstanding contributions to their communities. MVPs will have the opportunity to gain early access to new technology, actively help shape the accessibility of Microsoft technologies and join us in Redmond, Washington, for the MVP Global Summit. It’s a chance to really talk to the people behind the products and services I talk about above!

While there is no single way to become an MVP, we are looking for individuals with a deep knowledge of Microsoft products and who demonstrate accessibility expertise, leadership and the desire to help accelerate learning through social media posting, podcasts, meetups and/or giving presentations (just to name a few). If this sounds like you or someone you know, nominate them today.

It takes all of us to get this right

Lastly, my favorite event of the year at Microsoft: Every year for the last seven years, we have hosted an internal event, the Ability Summit, that brings together our employees from across the company to discuss all things related to accessibility and disability inclusion.

To help foster ideas during this event, employees attend sessions across three tracks — Imagine, Build and Enable — and we bring in leaders from across the company to present on projects that align to those themes. Sessions this year included how to leverage Inclusive Design principles, what global policies our teams need to be thinking about, disability disclosure in the workplace and bug bashes (we’re still nerds at heart). We also present Ability Awards for employees who have had the biggest impact this year — and with the amount of passion in this space, it is a brutal job having to pick just a few employees from the multitude of nominations we receive. We also bring in guest speakers from outside the company to help underscore the opportunity that exists within the tech industry to be agents for change. This year we had the pleasure of hosting Jill Houghton, president and CEO of USBLN, and the lieutenant governor of Washington State, Cyrus Habib, and had packed rooms and record attendance. There was no shortage of demands and challenges for our employees to keep moving forward on accessibility and the passion was and is palpable.

I hope that one or many of these snippets help you grow, drive or build awareness on today, Global Accessibility Awareness Day. I’m excited about the progress and the work we still have ahead of us. Raising awareness about accessibility and disability inclusion is key to the enduring values that our company holds. Building great products that encourage you to bring your best into your classroom, your workplace, your city and your social world is where we’ll be focused until a more accessible and inclusive world is fully realized.

 

The fight against tech support scams
https://blogs.microsoft.com/on-the-issues/2017/05/18/fight-tech-support-scams/
Thu, 18 May 2017 15:00:37 +0000

Throughout this month, I will join AARP, the Federal Trade Commission (FTC), Washington State Attorney General Bob Ferguson and BECU at a series of “Unmasking the Imposters” events to help educate Washington consumers about how to spot and avoid tech support scams.

Senior citizens are not the only ones who are being targeted by these fraudsters. If you haven’t experienced a tech support scam yet, chances are you know someone who has. According to a 2016 global survey, two out of three people have experienced a tech support scam in the previous 12 months.

[Image: World map shows clusters of red circles that are especially concentrated in the United States, Europe and southeast Asia]

Microsoft receives an average of 10,000 customer complaints per month about tech support scams from all across the globe.

Cybercriminals use a variety of tactics to defraud consumers, from cold-calling and web advertising to persistent and annoying pop-up windows. The global network behind these fraudsters relies heavily on marketing specialists who trade and sell consumer information and generate leads, payment processors who hide the money trail from investigators, small and large call center operations across the world that are trained to convince consumers they have a non-existent technical problem, and software developers who create fake tools that are installed on consumers’ computers to falsely claim the existence of a problem or falsely “clean” a non-existent problem.

[Image: Photo shows a pop-up window that fraudulently claims the existence of a technical problem]

An example of a recent fraudulent pop-up ad cybercriminals used to defraud consumers.

Microsoft’s approach

Microsoft’s Digital Crimes Unit (DCU) is combatting this scourge of cybercrime by (1) using a data-driven approach to investigate tech support fraud networks and refer cases to law enforcement as appropriate, (2) strengthening our technology to better protect consumers from various fraudulent tactics, and (3) educating consumers about how to stay safe online.

Microsoft encourages customers to directly report their experiences with tech support fraud scams at www.microsoft.com/reportascam. Too often these reports include phrases like “I’m filing this for my 90-year-old grandmother” or “While my grandmother was playing Solitaire on Facebook, a pop-up said the computer had a virus and to call.” Although these individual reports are important, taken alone they are unlikely to be actionable by law enforcement. Our data analytics team uses smart tools to sort and group information to build a more comprehensive view of the scope of the fraud. DCU partners with others, including Microsoft Artificial Intelligence & Research (AI&R), to enrich this data. Together, we have developed a process to capture images of pop-ups being served around the globe at scale and use machine learning to collect critical information to support our cases.

The scale and scope of tech support fraud requires an all-hands-on-deck approach, which is why we regularly convene an industry-wide investigator working group with representatives from Apple, Dell, Yahoo, HP and others. Microsoft participates in the Robocall Strike Force to address the persistent problem of robocalls and telemarketing fraud. And we will continue to engage telecommunications companies, payment processors and web hosting companies in the fight against tech support fraud.

Global efforts to combat tech support scams

On Friday, May 12, we were pleased to see law enforcement take action against a number of tech support fraudsters targeted by Microsoft’s DCU. As part of this coordinated effort, the FTC and its partners announced 16 new actions, including complaints, settlements, indictments and guilty pleas involving deceptive tech support operations. Seven individuals received criminal indictments for their role in the Florida-based Client Care Experts fraudulent operation. From approximately November 2013 through 2016, Client Care Experts victimized over 40,000 people and defrauded these individuals out of more than $25,000,000.

We know cybercriminals don’t stop at geopolitical borders. The DCU leverages our global team to investigate fraud and combat cybercrime from Germany to Singapore and from Canada to India. In November 2016, I joined a delegation to India with representatives from the U.S. Department of Justice and the FTC to meet directly with law enforcement about the critical need to address call center fraud and with members of the business processing industry to discuss the reputation harm they are facing due to persistent call center fraud. In addition to directly referring cases, Microsoft India supported cybercrime training for more than 385 law enforcement officers and over 400 prosecutors in the past year.

[Image: Photo of a man and woman on stage instructing a crowd of people]

Cybercrime training for prosecutors and judicial officials at Maharashtra Judicial Academy in Mumbai, India, on January 22, 2017.

These efforts are starting to bear fruit. This past fall, Indian law enforcement raided over 12 call centers involved in fraud impacting primarily U.S. consumers, including the infamous IRS and tech support scams. Microsoft will continue to leverage our global team to investigate cybercriminals targeting consumers and refer cases as appropriate to law enforcement. At the same time, international law enforcement must dedicate critical resources to tackle these borderless and evolving crimes.

Building a safer platform

We are building what we learn about the behavior of cybercriminals into improved products for Microsoft consumers. Microsoft has built-in protection in Windows 10, which includes more security features, safer authentication and ongoing updates delivered for the supported lifetime of a device. Windows Defender delivers comprehensive, real-time protection against software threats across email, cloud and web. The SmartScreen filter, built into Windows, Microsoft Edge and Internet Explorer, helps protect against malicious websites and downloads, including many of those frustrating pop-up windows. And, in 2016, Bing blocked more than 17 million fraudulent technical support advertisements.

The best thing you can do to help protect yourself from fraud is to educate yourself. If you receive a notification or call from someone claiming to be from a reputable software company, here are a few key tips to keep in mind:

  • Be wary of any unsolicited phone call or pop-up message on your device.
  • Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.
  • Do not call the number in a pop-up window on your device. Microsoft’s error and warning messages never include a phone number.
  • Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
  • If skeptical, take the person’s information down and immediately report it to your local authorities.

For more information on how to help protect yourself from tech support scams, please see the following:

Why Microsoft is adopting the new international anti-bribery standard
https://blogs.microsoft.com/on-the-issues/2017/05/17/microsoft-adopting-new-international-anti-bribery-standard/
Wed, 17 May 2017 16:00:04 +0000

A few weeks ago, we announced here, and in Ethisphere Magazine, that Microsoft would be the first U.S. company (and first multi-national company) to seek to certify our anti-corruption compliance program to the new international anti-bribery standard, ISO 37001. This means that an independent and accredited third party will perform a rigorous analysis of our program and ensure that it satisfies the very specific requirements of the new standard. I thought it was worth explaining further why we’ve decided to undergo such a thorough review, and why we think it’s important that other companies make the same decision.

The consistency problem

We start with the proposition that corruption is a problem that we need to help solve, and not just because it’s important to be on the right side of the law. Corruption is a big drain on economic development and makes it harder for us to realize our mission — to enable every person and every organization on the planet to achieve more. We know that most big companies like Microsoft feel the same way, which is why most companies have established and maintain a program that reduces the risk that they will act in a way that facilitates corruption.

The problem is that companies must tailor their anti-bribery programs to satisfy the legal requirements of different jurisdictions, which also involves trying to comply with a patchwork of often inconsistent guidance from different government agencies as well as nongovernmental organizations and non-government experts. The problem is even worse for our thousands of partners and suppliers, who often must try to meet not only their legal obligations, but also the often different compliance requirements of Microsoft, and the many other companies with which they do business. This is inefficient, leads to confusion and ultimately, increases risk. Corruption is a cross-border problem and demands a common language to help solve it. That’s where ISO 37001 comes in.

A common language

Microsoft was deeply involved in the U.S. Technical Advisory Group, which worked closely with experts from over 60 countries to develop the standard so that it could be useful for all organizations regardless of size, structure or geography. When the standard was published in late 2016, it created a common terminology and provided an objective yardstick for organizations to measure their own program, as well as the programs of the partners in their value chain. It also established a rigorous process for the accreditation of independent third parties who would be charged with evaluating and potentially certifying compliance with the standard.

Next steps

We think a consistent approach to anti-corruption programs is a good thing. That, along with an objective and independent certification process, should give governments around the world confidence that the companies which achieve certification are doing everything they reasonably can to reduce corruption. We encourage other major companies to adopt ISO 37001, and we invite other U.S. companies to work with us on a new Technical Advisory Group to ensure that the standard remains relevant and effective.

The post Why Microsoft is adopting the new international anti-bribery standard appeared first on Microsoft on the Issues.

Securing digital transformation through IoT cybersecurity policy https://blogs.microsoft.com/on-the-issues/2017/05/15/securing-digital-transformation-iot-cybersecurity-policy/ Mon, 15 May 2017 13:01:45 +0000 http://blogs.microsoft.com/on-the-issues/?p=51913

Around the world, organizations and individuals are experiencing a fundamental shift in their relationship with technology. This transformation, often called the Fourth Industrial Revolution, has been characterized as a fusion of the physical, digital and biological worlds, with far-reaching implications for economies and industries, and even humankind. These changes create new opportunities and challenges for policymakers as traditional governance frameworks and models will have to be reconsidered for a different world.

Graphic entitled "What exactly is the Internet of Things" shows relationship between devices, platform and intelligence

Today, we are releasing a new white paper, Cybersecurity Policy for the Internet of Things, which addresses the critical task of developing cybersecurity policies for IoT. This challenge has particular urgency because the merger of physical and digital domains in IoT can heighten the consequences of cyberattacks. The cybersecurity concerns of IoT user communities — whether consumer, enterprise or government — provide a convenient lens for identifying and exploring IoT security issues. For example, enterprises and governments may identify data integrity as a primary concern, while consumers may be most concerned about protecting personal information. Acknowledging these perspectives is just the start; the real question is what industry and government can do to improve IoT security.

Industry can build security into the development and implementation of IoT devices and infrastructure. However, the number of IoT devices, the scale of their deployments, the heterogeneity of systems and the technical challenges of deployment into new scenarios and potentially unsecured environments require an approach specific to IoT. The IoT ecosystem depends on key players with a diverse range of security capabilities — manufacturers and integrators, developers, deployers and operators — and the paper outlines appropriate security practices for each role.

Graphic shows cycle from building IoT product to maintaining IoT solution

Government can support these efforts through the development of IoT cybersecurity policies and guidelines. As stewards of societal well-being and the public interest, governments are in a unique position to serve as catalysts for the development of IoT security practices, build cross-disciplinary partnerships that encourage public-private collaboration and interagency cooperation, and support initiatives that improve IoT security across borders. There is evidence that this work is well underway, as demonstrated by examples of government initiatives from several countries throughout the paper.

Looking forward, IoT cybersecurity policy will only increase in importance as the world grows more connected and reliant on the efficiencies and opportunities that IoT brings. IoT users and policymakers will face new IoT use cases, including situations where users may not even be aware that they are interacting with a connected device, which will prompt new questions about how to manage security needs alongside opportunities for innovation.

The growth of a secure IoT ecosystem through advancements in technology and policy is important to Microsoft and our customers around the world. We will continue to partner with stakeholders from across the public and private sectors to make this a reality. To learn more about Microsoft’s approach to IoT, please visit www.internetofyourthings.com.

The post Securing digital transformation through IoT cybersecurity policy appeared first on Microsoft on the Issues.

The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/ Sun, 14 May 2017 20:06:59 +0000 http://blogs.microsoft.com/on-the-issues/?p=52063

Early Friday morning the world experienced the year’s latest cyberattack.

Starting first in the United Kingdom and Spain, the malicious “WannaCrypt” software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin. The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. That theft was publicly reported earlier this year. A month prior, on March 14, Microsoft had released a security update to patch this vulnerability and protect our customers. While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally. As a result, hospitals, businesses, governments, and computers at homes were affected.

All of this provides the broadest example yet of so-called “ransomware,” which is only one type of cyberattack. Unfortunately, consumers and business leaders have become familiar with terms like “zero day” and “phishing” that are part of the broad array of tools used to attack individuals and infrastructure. We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident. This included a decision to take additional steps to assist users with older systems that are no longer supported. Clearly, responding to this attack and helping those affected needs to be our most immediate priority.

At the same time, it’s already apparent that there will be broader and important lessons from the “WannaCrypt” attack we’ll need to consider to avoid these types of attacks in the future. I see three areas where this event provides an opportunity for Microsoft and the industry to improve.

As a technology company, we at Microsoft have the first responsibility to address these issues. We increasingly are among the first responders to attacks on the internet. We have more than 3,500 security engineers at the company, and we’re working comprehensively to address cybersecurity threats. This includes new security functionality across our entire software platform, including constant updates to our Advanced Threat Protection service to detect and disrupt new cyberattacks. In this instance, this included the development and release of the patch in March, a prompt update on Friday to Windows Defender to detect the WannaCrypt attack, and work by our customer support personnel to help customers afflicted by the attack.

But as this attack demonstrates, there is no cause for celebration. We’ll assess this attack, ask what lessons we can learn, and apply these to strengthen our capabilities. Working through our Microsoft Threat Intelligence Center (MSTIC) and Digital Crimes Unit, we’ll also share what we learn with law enforcement agencies, governments, and other customers around the world.

Second, this attack demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers. The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect. As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past. This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support.

At the same time, we have a clear understanding of the complexity and diversity of today’s IT infrastructure, and how updates can be a formidable practical challenge for many customers. Today, we use robust testing and analytics to enable rapid updates into IT infrastructure, and we are dedicated to developing further steps to help ensure security updates are applied immediately to all IT environments.

Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. This is one reason we called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them. And it’s why we’ve pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality. This weekend, whether it’s in London, New York, Moscow, Delhi, Sao Paulo, or Beijing, we’re putting this principle into action and working with customers around the world.

We should take from this recent attack a renewed determination for more urgent collective action. We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. More action is needed, and it’s needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us. We recognize our responsibility to help answer this call, and Microsoft is committed to doing its part.

The post The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack appeared first on Microsoft on the Issues.

Microsoft appoints globally respected regulator to privacy leadership role https://blogs.microsoft.com/on-the-issues/2017/04/28/microsoft-appoints-globally-respected-regulator-privacy-leadership-role/ Fri, 28 Apr 2017 16:16:47 +0000 http://blogs.microsoft.com/on-the-issues/?p=51825

Julie Brill

Microsoft announced today that Julie Brill, former Commissioner of the U.S. Federal Trade Commission (FTC), will join Microsoft to lead privacy, data protection and other regulatory issues as head of its Privacy and Regulatory Affairs Group.

Brill will join as corporate vice president and deputy general counsel for Privacy and Regulatory Affairs. She will report directly to Brad Smith, Microsoft’s president and chief legal officer.

“Cloud computing, big data and artificial intelligence have the potential to drive profound and positive change across society, but they raise new issues and responsibilities as well,” says Smith. “Julie’s deep expertise in privacy, keen intellect and strong international relationships will enable our customers to use the Microsoft Cloud knowing that we will help meet their global technology regulatory needs.”

Recognized in the United States and around the world as one of the foremost leaders on privacy, data protection and cybersecurity law and policy, Brill will lead the team responsible for shaping the company’s global legal, regulatory and public policy response on some of the most critical issues facing the technology sector today.

In 2010, then-President Barack Obama nominated Brill to serve as Commissioner on the FTC. After unanimous confirmation by the U.S. Senate, Brill served as a commissioner for nearly six years. She stepped down in early 2016 to co-lead the Global Privacy and Cybersecurity Practice Group at Hogan Lovells, a leading global law firm.

During her time as an FTC Commissioner, Brill established a reputation not just as a leading thinker, but as a highly effective champion for consumers on issues such as privacy, transparency, consumer protection and anti-trust. The National Law Journal cited her as a “2016 Trailblazer in Cybersecurity and Data Privacy,” and the International Association of Privacy Professionals named her as the recipient of its 2014 Privacy Leadership Award.

While at the FTC, Brill worked extensively internationally. She is credited with strengthening relationships between the FTC and European regulators, working closely with them to promote practical solutions to privacy, rooted in consumer protection.

Before being appointed to the FTC, Brill spent more than two decades in public service at the state level. She served as senior deputy attorney general and chief of Consumer Protection and Antitrust for the state of North Carolina, and before that as assistant attorney general for Consumer Protection and Antitrust for the state of Vermont.

Brill and her team will work closely with external stakeholders – including policy makers, regulators, customers and civil society – to ensure Microsoft is playing its part in addressing privacy and data protection issues. She and her team will also work closely with Microsoft’s engineering groups to build strong privacy protection into our products and services to enable Microsoft’s enterprise customers to meet the new privacy standards established by the landmark European Union General Data Protection Regulation.

“I’ve been deeply impressed by Microsoft’s commitment to privacy, their willingness to stand up for customers and their focus on offering constructive solutions to new challenges,” says Brill. “I’ve always tried to do the same throughout my career in government. I’m thrilled to have this opportunity to contribute in a new and particularly meaningful way.”

Brill’s new role will extend beyond privacy to include areas such as telecommunications regulation, corporate standards, internet governance, as well as legal and regulatory issues around accessibility of Microsoft products. She’ll also be responsible for important aspects of the company’s online safety work.

Brill will start her new role with Microsoft this summer.

The post Microsoft appoints globally respected regulator to privacy leadership role appeared first on Microsoft on the Issues.

Microsoft selects 15 US teens for inaugural Council for Digital Good https://blogs.microsoft.com/on-the-issues/2017/04/25/microsoft-selects-15-us-teens-for-inaugural-council-for-digital-good/ Tue, 25 Apr 2017 13:00:08 +0000 http://blogs.microsoft.com/on-the-issues/?p=51639

It’s official: selections have been made for Microsoft’s inaugural Council for Digital Good! We are eager to welcome 15 teens from across the U.S. to our Redmond, Washington, campus in early August for our first council summit.

In January, we announced we were accepting applications for a one-year pilot program for young people ages 13 to 17 to help lay the groundwork for a new approach to online interactions, and to further champion our work in digital civility.

We received hundreds of applications, which included detailed essays and videos about applicants’ lives online, their perspectives on Microsoft, and their hopes and expectations for the council experience. Young people told us they want to fight back against online bullying; they want to stamp out hate and bias across the web; they want to help make technology available to as many people as possible; and they want to encourage their peers and communities to treat each other with respect and dignity, both online and off.

Here are some application excerpts from three selected council members:

  • “Being on the council will give me an opportunity to meet kids and adults who also are committed to developing ways that technology can make life better for all people … (A) major issue I would like to talk about is what in the real world would be considered hate speech. Online, there is a(n) invisible shield that exists, and I’ve sadly seen profile names, dialogue and comments that I’d best not repeat. It truly makes me sad, and I wish that people would have the better judgment to do what’s right, but solving this problem is also complicated.”

– 14-year-old from Oregon 

  • “There is no silver bullet solution to protect children and young people online. This is a global issue that requires a global response from all segments of society … As young people now have easier access to the internet, they also need to be educated on appropriate use of the internet. I will help youth and their parents/guardians understand that our digital footprint is important and that any information we post online is permanent and follows us for the rest of our life.”

– 13-year-old from Kentucky 

  • “Through the Council (for) Digital Good experience, I would be able to enhance my perspective of how to engage other youth to rally and make a difference in our world … Growing up with this technology, I am aware of the malicious things on the internet, but I also know all the potential the internet holds. The intersection of technology and humanity is critical to advance society.”

– 16-year-old from Maryland

Choosing individual council members was difficult because there were so many outstanding candidates. It was a highly competitive process, and in the end, we assembled a group with diverse life experiences, who we hope will bring a wealth of views and perspectives to council discussions and activities. We selected nine young women and six young men, all of whom accepted, from 12 states: California, Connecticut, Florida, Georgia, Kentucky, Maryland, Michigan, North Carolina, Ohio, Oregon, Tennessee and Washington. We’re excited to begin engaging with the council in preparation for the August summit. Council members should be on the lookout for an invitation to a kickoff conference call in the coming weeks.

To those who were not selected for this pilot program, know that your voices are important and they were heard. We hope you will consider applying again, as we aim to grow the number of teens focused on advancing respect online and promoting our Digital Civility Challenge.

Our goal for the council is to help young people fully appreciate and understand the risks and potential harms associated with life online. The internet is truly the landmark invention of our lifetime, offering almost limitless opportunities to learn, play, grow and to connect with others. But, it’s not without risk. In turn, we hope to gain perspective from council members on the state of online interactions today; what might make the online space healthier, safer and more enjoyable; and reflect on how Microsoft can play a part in shaping that future.

Thank you to all those who submitted applications, and congratulations to our inaugural council members! We look forward to the next several months, and what we hope will lead to thought-provoking discussions, compelling projects and activities, newfound friendships and, of course, a healthy dose of fun — as we all work to grow a kinder, more empathetic and respectful online world. Follow council activities on aka.ms/CDG or by checking in on Facebook and Twitter with #CouncilforDigitalGood.

For more information about online safety generally, visit our website and resources page.

The post Microsoft selects 15 US teens for inaugural Council for Digital Good appeared first on Microsoft on the Issues.

Sharing our journey to help customers comply with the EU’s GDPR at IAPP Global Privacy Summit https://blogs.microsoft.com/on-the-issues/2017/04/24/sharing-journey-help-customers-comply-eus-gdpr-iapp-global-privacy-summit/ Tue, 25 Apr 2017 00:00:38 +0000 http://blogs.microsoft.com/on-the-issues/?p=51597

At Microsoft, we work every day to earn our customers’ trust by building cloud services that meet the highest standards for security, privacy, compliance and transparency.

During the recent 2017 International Association of Privacy Professionals (IAPP) Global Privacy Summit in Washington, D.C., we spoke with customers and partners about the opportunities and challenges they’re tackling, and listened to what they’d like Microsoft to focus on to help them achieve their goals. The discussions were great and we returned home from D.C. with the benefit of insightful feedback and new questions.

The European Union’s General Data Protection Regulation (GDPR) was in nearly every conversation. We are committed to embracing the pro-privacy stance of the GDPR; to developing technical capabilities to support compliance regulations; and to sharing the expertise and insights we’ve developed while working at the intersection of privacy, compliance and technology.

With more than 3,000 attendees this year, we want to thank everyone who met with us, attended our sessions, and advanced the discourse around the GDPR. And big thanks to the IAPP for hosting this meaningful event.

Microsoft’s chief privacy officer, Brendon Lynch, receives IAPP’s Vanguard Award

Mug shot of Brendon Lynch

Brendon Lynch

While at the annual summit, we honored the exceptional work of those who have shaped privacy values and innovative technologies as we know them today.

Referred to as a “privacy titan,” Microsoft’s chief privacy officer, Brendon Lynch, was recognized with IAPP’s Vanguard Award – which honors privacy professionals who show exceptional leadership, knowledge and creativity in the field of privacy and data protection.

“No one exemplifies excellence in our field in a greater magnitude than Brendon Lynch,” said Trevor Hughes, IAPP CEO and president, CIPP. “He has shown the dedication and diligence to our profession that demonstrates a true professional, someone who believes that this is more than just a job.”

The IAPP selected Lynch based on his numerous accomplishments during 17 years as a privacy leader, his commitment to the global privacy community, and his positive impact on the profession.

“Those of us on the IAPP Board were so proud to honor Brendon with the Vanguard Award for his tremendous contributions to the field of privacy,” said Kalinda Raina, executive committee member of the IAPP board of directors and LinkedIn head of global privacy. “Throughout his career, Brendon has served as a thought leader and a mentor to so many of us in the field, and for that we are all indebted.”

GDPR sets a new bar for digital privacy rights, security and compliance

Microsoft believes that the GDPR is an important step forward for clarifying and enabling individual privacy rights. But there’s a lot to do. To help get you started, at the summit and online we released a whitepaper, “Beginning your General Data Protection Regulation journey.” We encourage you to check it out and learn how these four steps, detailed in our whitepaper, can help simplify your GDPR compliance journey:

  • Discover: Identify what personal data you have and where it resides.
  • Manage: Govern how personal data is used and accessed.
  • Protect: Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches.
  • Report: Action data requests, report data breaches and keep required documentation.

Photo of Microsoft assistant general counsel John Payseno to the left

At left, Microsoft assistant general counsel John Payseno presents information on complying with the EU’s GDPR at the IAPP Global Privacy Summit.

Partnering with you now and in the future

Microsoft and our partners can help you manage and protect personal data, whether you need assistance with policies, processes, or technology.

Microsoft is committed to GDPR compliance across our cloud services when enforcement begins on May 25, 2018. We are the first global cloud services provider to publicly offer you contractual commitments to meet GDPR requirements of processors.

As we count down to when the GDPR goes into effect, Microsoft will continue to listen to your needs, to innovate, and share best practices with you. Please visit www.microsoft.com/GDPR to learn more about Microsoft’s commitment to privacy, the GDPR and Microsoft’s perspective on how to begin your GDPR journey.

The post Sharing our journey to help customers comply with the EU’s GDPR at IAPP Global Privacy Summit appeared first on Microsoft on the Issues.
