It is recommended that all administrators read the Microsoft® Office Privacy Statement, which can be found by searching for privacy statement in the Help task pane of any Microsoft Office System application (located by clicking the Help menu).

Privacy options are features within most Microsoft Office 2003 applications that allow anyone working with an Office 2003 item — such as a Microsoft Office Word 2003 document or a Microsoft Office Excel 2003 workbook — to remove user-identifiable properties attached to that file. Examples of such properties include the user's name or user's initials that are retrieved from the registry and typically attached to comments or appear in the Properties dialog under the File menu.

Administrators do not have the ability to remove all personal or hidden author and editor data from a document by using policies or privacy tools, but they can remove those references which are attached to the following Office document objects:

• Tracking changes
• Comments
• Property lists
• Footnotes
• Versions

---

 Note    Microsoft Office Project 2003 and Office Visio® 2003 support removing data only from file properties and not from comments or tracked changes.

---

---

 Note    Authoring references not entered by the application are not removed automatically. For instance, those references entered through the use of field codes are not removed or changed. Or, if hidden text was used to tag a line, and the author of the hidden text embedded his or her initials or name in the hidden text, this reference is not removed because it is not an identified author reference.

---

The privacy feature of Office can replace these known references by changing all known instances of application-inserted references to a generic user name (Author) or by deleting the reference entirely.

For example, Word uses four options to help protect access to private information. The check boxes are grouped under Privacy options on the Security tab (Tools | Options | Security). Not all Office applications take advantage of these four:

• Remove personal information from file properties on save

  Also available in Excel, Microsoft Office Access 2003, Microsoft Office Publisher 2003, Microsoft Office Visio® 2003, Microsoft Office PowerPoint® 2003, and Microsoft Office Project 2003. This option, which is off by default, removes all application-tagged identifiable references — who created a file, made changes to a file, or placed comments in a file — when the file is saved. A policy setting does not exist to enable or disable this setting.

• Warn before printing, saving or sending a file that contains tracked changes or comments

  Available only in Word. Off by default, this option causes a dialog to appear whenever a request to save, print, or send by means of an e-mail message a document containing markup — change tracking or comments — is made. When set, this option applies to all files. This option can also be enabled or disabled using a policy available in the Word11.adm policy template.

• Store random number to improve merge accuracy

  Available in Word. This option, which is on by default, determines whether the file to save will receive a stamp with the RSID number for a particular editing session. The RSID number is a harmless pseudo-random number that reveals no information about a document's authorship or origin. Word uses the RSID information, if present, to enhance the results of merging two versions of a document; but the RSID information is not required for a merge to succeed. This option can also be enabled or disabled using a policy available in the Word11.adm policy template.

---

RSID compatibility issue between Word and Outlook

If a Word document is submitted to Microsoft Office Outlook® 2003 for attachment to an e-mail message, or if you are using Word as the e-mail editor, setting the Store random number to improve merge accuracy option requires also setting an option in Outlook. Follow these steps to make the setting in Outlook:

1. Click Tools.

2. Click Options.

3. Click the Preferences tab.

4. Click E-mail Options.

5. Click Advanced E-mail Options.

6. At the bottom of the dialog, uncheck the Add properties to attachments to enable Reply with Changes check box.

---

• Make hidden markup visible when opening or saving

  Available only in Word. This option overrides the settings in the Show button (Reviewing toolbar). (It may be necessary to enable this button on the Reviewing toolbar. To do so, click the drop-down arrow to the far right on the Reviewing toolbar, point to Add or Remove Buttons, point to Reviewing, and then check the Show option.)

  Markup is considered to be anything in the file that can be hidden from view, such as comments, ink annotations, insertions or deletions, and formatting (hidden text, spaces, paragraph marks, tabs, and so forth).

  When a file is saved and this option is set to checked, regardless of the settings as selected in the Show button, in subsequent openings of the file the markup will be displayed.

  This option appears in the privacy options section because most markup has associated user information attached to it. When this option is set to checked, user information can be seen by other users when they open and examine the file. By default this option is set to checked.

Privacy issues posed by messaging and collaboration

Though it is not commonly thought of as a privacy issue, e-mail messaging, collaboration, and communication programs like Instant Messaging do present privacy issues. In these cases, the user is typically revealing information about who they are to others.

Generally, privacy issues are associated with revealing information of a sensitive nature to Microsoft — such as through application error reporting — or propagation of a document with information about a specific individual who either created or collaborated on a document with others. Since many companies have a corporate image they wish to maintain, it is also important for administrators to take into consideration the privacy issues of the company as well as employees when making decisions to control privacy settings. For instance, collaboration features, Instant Messaging, and Outlook 2003 e-mail settings should be reviewed to determine if they meet the privacy standards established by the company. Correctly setting access to these features and applications will help to maintain employee and corporate privacy concerns.

Privacy-related policies

You can help to control privacy settings by using policy settings available from the various ADM policy templates that are included with the Microsoft Office 2003 Editions Resource Kit. Not shown in the following list are the various collaboration, Instant Messaging, and Outlook policies that can help control some of the privacy issues noted above. It is recommended that an administrator perform a thorough review of all the policy settings available for Office to determine if any of the policy settings will positively affect privacy concerns.

For example:

Word:

Warn before printing, saving, or sending a file that contains tracked changes or comments

Application Error Reporting:

Do not upload user documents

Do not upload any additional data

Office:

Enable Customer Experience Improvement Program

Prevent users from uploading settings to the internet

Default location to store settings file (OPS)

Feedback URL

Publisher:

Update personal information when saving