As consumers increasingly rely on the Internet for shopping, banking, e-government and other activities, privacy has become both a major public concern and a barrier to the growth of Internet services and e-commerce. Widely publicized data breaches, alarming statistics about privacy incidents and fear of identity theft all threaten to erode public trust in the Internet – in fact, an RSA Security study found that nearly half of U.S. consumers have “little or no confidence” that organizations are taking sufficient steps to protect their personal data. At the same time, consumers are increasingly frustrated with software and Web sites that do not clearly communicate the potential impact to their privacy, or clearly and consistently offer them controls over how their personal information is used.

The software industry can help address this declining level of trust by establishing a high bar for respecting customer privacy. However, there are currently no industry-wide practices to help standardize the user experience for privacy-oriented software features, or to address privacy issues and concerns in the development process.

To help establish a starting point for these efforts and open an industry dialogue about privacy guidelines for development, Microsoft has released an extensive set of privacy guidelines for developing software products, web sites and services.

The Privacy Guidelines for Developing Software Products and Services, released at the annual International Association of Privacy Professionals (IAPP) Privacy Academy this week in Toronto, draw from the company’s experience incorporating privacy into its development processes and reflect customers’ expectations as well as privacy legislation in effect worldwide. For example, these guidelines reflect the core concepts of the Organization for Economic Cooperation and Development (OECD)’s Fair Information Practices and privacy laws such as the European Union Data Protection Directive, the Children’s Online Privacy Protection Act of 1998 (COPPA), and the Computer Fraud and Abuse Act.