Privacy Statement for the Microsoft Error Reporting Service
Last updated: October 2010
Microsoft is committed to helping protect your privacy. This statement explains how the Microsoft Error Reporting (MER) service collects information and how the information can be used. This statement does not apply to other online or offline Microsoft websites, software, or services.
Why does Microsoft collect information about errors and problems?
The information helps Microsoft and Microsoft partners diagnose problems in the software you use and provide solutions. Not all problems have solutions but when solutions are available, they are offered as updates to install or steps for solving a problem you've reported. To help prevent problems and make software more reliable, some solutions are also included in service packs and future versions of the software.
How is information collected?
Many third-party and Microsoft software programs, including some Windows operating systems, are designed to work with the MER service. If a problem occurs in one of these software programs, you might be asked if you want to report it. You can view the details of the report before sending it, although some files might not be in a readable format.
Some software also allows you to report problems automatically instead of requesting your consent each time a problem occurs. If you use automatic reporting, you’re not prompted to review the information in a report before it is sent. However, no information is collected unless you (or your system or network administrator) choose to report problems. You can choose to stop reporting problems at any time.
Enterprise customers can use the Microsoft System Center Desktop Error Monitoring to manage error reporting and data collection, and to choose the information that is sent to Microsoft. The System Center Desktop Monitoring privacy statement can be accessed at http://go.microsoft.com/fwlink/?LinkID=85868.
Windows administrators can use Group Policy to modify many of the settings for the MER service. For more information see http://go.microsoft.com/fwlink/?LinkId=148428.
What types of information can be collected?
The reporting service can collect information about problems that interrupt you while you work and information about errors that occur behind the scenes. It’s important to diagnose errors that occur behind the scenes because these problems, if left unsolved, might cause additional problems such as performance or program failures.
Reports contain information that is most useful for diagnosing and solving the problem that has occurred, such as:
Information such as your IP address, operating system version, browser version, and regional and language settings are also collected because you’re connecting to an online service (web service) to send error reports. However, this information is used only to generate aggregate statistics. It is not used to identify you or contact you.
Reports might unintentionally contain personal information, but this information is not used to identify you or contact you. For example, a report that contains a snapshot of memory might include your name, part of a document you were working on, or data that you recently submitted to a website. If you host virtual machines using a Windows operating system, reports generated by the Windows operating system for the MER service might include information about virtual machines. If you’re concerned that a report might contain personal or confidential information, you should not send the report.
After you send a report, you might be asked to complete a survey about the error you experienced. If you choose to provide your phone number or e-mail address in response to the survey, your report will be personally identifiable. Microsoft might contact you to request additional information to help solve the problem you reported.
Starting with the Windows 7 operating system, MER generates a globally unique identifier (GUID) that is stored on your computer and sent with reports to uniquely identify your computer. The GUID is a randomly generated number; it does not contain any personal information and is not used to identify you. We use the GUID to distinguish how widespread the feedback we receive is and how to prioritize it. For example, the GUID allows Microsoft to distinguish between one customer experiencing a problem one hundred times and one hundred customers experiencing the same problem once.
Who can use the information and how can it be used?
Microsoft uses information about errors and problems to improve Microsoft products and services as well as third-party software and hardware designed for use with these products and services. Microsoft employees, contractors, vendors, and partners might be provided access to information collected by the reporting service, including survey responses. However, they will use the information only to repair or improve Microsoft products and services and third-party software and hardware designed for use with Microsoft products and services.
For example, if a report indicates that a third-party product is involved, Microsoft might send that information to the vendor of the product. The vendor might provide the information to sub-vendors and partners; however, all parties must abide by the terms of this privacy statement.
To improve the products that run on Microsoft software, Microsoft might share aggregate information about errors and problems. Aggregate information is used for statistical analysis and does not contain specific information from individual reports, nor does it include any personal or confidential information that might have been collected from a report.
Information storage, processing, and release
Information that is collected by or sent to Microsoft by the MER service may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland. Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public. Microsoft occasionally hires other companies to provide limited services on its behalf, such as providing customer support, processing transactions, or performing statistical analysis of reports. Microsoft will provide these companies only the information they need to deliver the service. They are required to maintain the confidentiality of the information and are prohibited from using it for any other purpose.
Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities.
Changes to this privacy statement
We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "last updated" date at the top of this statement. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information.
For more information
Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us at http://go.microsoft.com/fwlink/?LinkID=148430.
Microsoft Error Reporting Service
To find contact details for the Microsoft subsidiary or affiliate in your country or region, see the Microsoft Worldwide website at http://go.microsoft.com/fwlink/?LinkID=33329.