"Having IAPP certification has created a valuable peer group for Microsoft’s privacy professionals."
How Microsoft Leveraged IAPP Certification and Training to Enhance a Privacy-aware Culture and Build Customer Trust
As Microsoft’s technology has evolved from traditional software to online services and cloud computing, privacy has become increasingly essential to its business. With the help of the IAPP, and thanks to a corporate culture that emphasizes privacy, Microsoft now boasts more than 100 IAPP-trained and CIPP-certified professionals throughout the company, as well as a corporate culture that emphasizes the importance of privacy.
User Trust and Employee Education
The launch of MSN online services in the mid-1990s involved data collection and advertising, which meant handling sensitive information. Microsoft needed to ensure their customers understood how that information was being handled. Kim Howell, CIPP/US, Microsoft’s Director of Privacy and Online Safety Policy, explains: “It was important that the customer felt that they were in control and could trust us with that information.”
Microsoft sought a way to make it clear to the company as a whole that its users’ privacy was important. The goal was to make sure that the people with the authority to sign off on high-risk privacy reviews had the knowledge necessary to make sure those assessments were done correctly.
A Privacy-Focused Culture that Emphasizes Privacy Training and CIPP Certification
Microsoft fosters a company-wide commitment to privacy, which extends beyond privacy managers to departments across the organization. Through a special licensing agreement with the IAPP, training is made available to all employees online via the Microsoft Intranet, and employees are encouraged to test for the CIPP and attend IAPP conferences. Of the more than 100 CIPP-certified professionals at Microsoft, only half are privacy managers. The other half are in adjacent professions, including developers and engineers. These individuals serve as the eyes and ears of privacy, and funnel issues up to the privacy managers. Says Howell, “Employees like to be certified; they find it gives them a greater understanding of their job.”
Microsoft also works hard to help privacy managers maintain their knowledge with innovative continuing education programs. They have implemented an annual “upgrade” where the IAPP comes to the Microsoft campus and updates them on what is happening in the privacy field. In addition, they established a Community Enablement Program, which holds regular monthly meetings with privacy managers (currently 80 of them), and weekly office hours.
Better Decision-Making, Improved Productivity, Sense of Community
Many Microsoft employees voluntarily go through the CIPP program to help them understand the value of privacy, even if it’s not their primary responsibility. What began as a grass roots effort has resulted in Microsoft having more CIPPs than any other organization in the world. By fostering a company-wide commitment to understanding privacy, processes have become more fluid, and employees are better equipped to make critical decisions and identify privacy risks. “The more ingrained privacy is in people’s work, the easier it is not to have to correct things at the last minute,” Howell says.
Widespread CIPP certification and training makes it easier for privacy to be impactful because it becomes part of the process and product cycle. “People are building privacy in from the beginning and then privacy managers are just coming in and double-checking that they have followed privacy protocol,” explains Howell. This has resulted in improved productivity across the company.
Unlike developers and engineers that have a well-documented career path, privacy is still somewhat undefined. The IAPP has helped Microsoft’s CIPPs to define a career path, and enabled them to feel part of a larger community. “Having IAPP certification has created a valuable peer group for Microsoft’s privacy professionals,” says Howell.
Further Increase Awareness and Enhance the Number of CIPPs
Microsoft is committed to continuing to increase awareness of privacy across the organization. In order to ensure that employees are working from the same knowledge baseline company-wide, Microsoft is working with the IAPP to create a program that results in CIPP certification with an addendum that includes Microsoft standards.
Download a PDF version of this case study here.
Find out how you can move your privacy program forward with IAPP certification and training. For more information, contact us at email@example.com or +1 603.427.9200.