X

Microsoft takes employee privacy pulse

How "healthy" is the software giant? Microsoft's Privacy Health Index is a way to keep tabs on whether employees are adhering to company privacy rules.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
See full bio
Robert Lemos
2 min read
Microsoft unveiled Wednesday a new measure for gauging how effectively its managers have followed company privacy policies.

The latest push in the company's Trusted Computing Initiative, the so-called Privacy Health Index could, if successful, provide the company with a grade for how well its employees are guarding customer data.

"Because you cannot manage what you cannot measure, ultimately, this is an important step towards our broader effort of institutionalizing trustworthy computing at Microsoft," said Richard Purcell, corporate privacy officer for the company, in a statement.

Details of the index were announced at Microsoft's Redmond, Wash., campus, where the company hosted a quarterly meeting of the Council of Chief Privacy Officers.

Since the mid-1990s, Microsoft has rated employees using an Organizational Health Index, or OHI, to measure how well they performed toward group goals. Based on a scale between 1 to 5, the measure averages the responses to 19 different questions, such as "I work towards clear goals."

Similarly, the Privacy Health Index will score employees on a scale between 0.0 and 1.0, based on their answers to a set of questions tailored to their jobs.

"This is the way we handle privacy at Microsoft...there is actually an assessment," a Microsoft representative said.

The company hopes to have the plan introduced to all organizations within Microsoft by the end of the year, but the representative said it's likely that the project won't be completed until 2003.

The rating system is the first of four that will be created to support the company's focus on gaining customer trust. The collection of scores, called the Trust Index, will include measures of security, reliability and business integrity.

Purcell is working with Microsoft's Security Strategist Scott Charney on the new system, the representative said.

Microsoft's privacy policy specifies what consumer information its Web sites collect, how that information is used and how consumers can access or maintain information that is gathered.

Microsoft also expects its internal organizations to take reasonable steps to protect personal data from loss, misuse, and unauthorized access or disclosure.