You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This article summarizes the behavior of different data objects used within SQL Server and how the objects are used to pass information of a personal or confidential manner. The data classification in this article only applies to versions of the SQL Server on-premises product. It does not apply to the items:
24
+
This article summarizes the behavior of different data objects used within SQL Server and how the objects are used to pass information of a personal or confidential manner. This article serves as an addendum to the overall [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?LinkId=521839). The data classification in this article only applies to versions of the SQL Server on-premises product. It does not apply to the items:
25
25
26
26
- Azure SQL Database
27
27
- SQL Server Management Studio (SSMS)
28
28
- SQL Server Data Tools (SSDT)
29
29
- SQL Operations Studio
30
+
- Database Migration Assistant
31
+
- SQL Server Migration Assistant
32
+
- MS-SQL Extension
30
33
31
34
Definition of *Permitted usage Scenarios*. For the context of this article, Microsoft defines “Permitted Usages Scenarios” as actions or activities that are initiated by Microsoft.
32
35
33
-
***
34
-
35
-
>## Access Control
36
+
## Access control
36
37
37
38
Credential-related information used to secure logins, users, or accounts within a SQL Server installation.
38
39
@@ -41,15 +42,15 @@ Credential-related information used to secure logins, users, or accounts within
|These credentials never leave the user machine via Usage Feedback. |- |- |
49
50
|Crash Dumps may contain Access Control Data. |- |Crash Dumps: Maximum 30 days. |
50
-
|These credentials never leave the user machine via User Feedback unless Customer injects it manually |Limit to Microsoft internal use with no third-party access. |User Feedback: Max 1 year |
51
+
|These credentials never leave the user machine via User Feedback unless customer injects it manually |Limit to Microsoft internal use with no third-party access. |User Feedback: Max 1 year |
51
52
|
52
-
>## Customer Content
53
+
## Customer content
53
54
54
55
Customer content is defined as data stored within user tables, directly or indirectly. The data includes statistics or user literals within query texts that might be stored within user tables.
55
56
@@ -59,20 +60,20 @@ Customer content is defined as data stored within user tables, directly or indir
59
60
- Statistics objects containing copies of values within the rows of any user table.
|This data does not leave the user machine via Usage Feedback. |- |- |
66
67
|Crash Dumps may contain Customer Content and be emitted to Microsoft. |- |Crash Dumps: Max 30 days. |
67
68
|Customers with their consent can send User Feedback that contains Customer Content to Microsoft. |Limit to Microsoft internal with no third-party access. Microsoft can expose the data to the original customer. |User Feedback: Max 1 year |
68
69
69
-
>## End-User Identifiable Information (EUII)
70
+
## End-user identifiable information (EUII)
70
71
71
72
Data received from a user, or generated from their use of the product.
72
73
- Linkable to an individual user.
73
74
- Does not contain content.
74
75
75
-
### Examples end-User identifiable information
76
+
### Examples of end-user identifiable information
76
77
77
78
- Interface Identification. The Full IP address
78
79
- Machine Name
@@ -81,78 +82,85 @@ Data received from a user, or generated from their use of the product.
|This data does not leave the user machine via Usage Feedback. |- |- |
89
-
|Crash Dumps may contain EUII and be emitted to Microsoft. |- |Crash Dumps: Max 30 days |
90
-
|Customer Identification ID may be emitted to Microsoft to deliver new hybrid and cloud features that the users have subscribed to. |- |Currently no such hybrid or cloud features exist.|
91
-
|Customers with their consent can send User Feedback that contains Customer Content to Microsoft.|Limit to Microsoft internal use with no third-party access. Microsoft can expose the data to the original customer. |User Feedback: Max 1 year |
90
+
|Crash dumps may contain EUII and be emitted to Microsoft. |- |Crash dumps: Max 30 days |
91
+
|Customer identification ID may be emitted to Microsoft to deliver new hybrid and cloud features that the users have subscribed to. |- |Currently no such hybrid or cloud features exist.|
92
+
|Customers with their consent can send User Feedback that contains customer content to Microsoft.|Limit to Microsoft internal use with no third-party access. Microsoft can expose the data to the original customer. |User feedback: Max 1 year |
92
93
93
-
>## Internet-Based Services Data
94
+
## Internet-based services data
94
95
95
96
Data needed to provide Internet-based services, per the SQL Server EULA.
|May be used by Microsoft to improve features and/or fix bugs in current features. |Limit to Microsoft internal use with no third-party access. Microsoft can expose the data to the original customer. For example, dashboards |Min 90 days - Max 3 years |
111
112
|Customers with their consent can send User Feedback that contains Customer Content to Microsoft. |Limit to Microsoft internal use with no third-party access. |Customers with their consent can send User Feedback that contains Customer Content to Microsoft. |
112
113
|Power View and SQL Reporting Services Map Item(s) may send data for use of Bing Maps. |Limit to session data |- |
113
114
114
-
>## System Metadata
115
+
## System metadata
115
116
116
-
Data generated in the course of running the server. The data does not contain Customer content.
117
+
Data generated in the course of running the server. The data does not contain customer content.
117
118
118
119
### Examples of system metadata
119
120
120
121
The following are considered system metadata when they do not inlcude customer content, customer access control, or EUII:
121
122
122
123
- Database GUID
123
-
- Hash of Machine Name
124
-
- Hash of Instance Name
125
-
-Hash of Application Name
126
-
- Behavioral/Usage Data
124
+
- Hash of machine name
125
+
- Hash of instance name
126
+
- Application name
127
+
- Behavioral/usage data
127
128
- SQL Customer Experience improvement program data (SQLCEIP)
128
129
- Server configuration data, for example settings of sp_configure
129
130
- Feature configuration data
130
-
- Event Names and Error Codes
131
+
- Event names and error codes
132
+
133
+
Microsoft does examine application name values set by other programs that use SQL Server (example: Sharepoint or 3rd party packaged programs and includes this information in System Metadata sent to Microsoft when Usage Data is enabled). Customers should not place personal data, such as end-user identifiable information, in System Metadata fields or create applications designed to store personal data in these fields.
|May be used by Microsoft to improve features and or fix bugs in current features.|Limit to Microsoft internal use with no third-party access. |Min 90 days - Max 3 years |
137
-
|May be used to make suggestions to the customer. For example, “Based on your usage of the product, consider using feature X since it would perform better.” |Microsoft can expose the data to the original customer, for example through dashboards. |Customer Data Security Logs: Min 3 years - Max 6 years |
140
+
|May be used to make suggestions to the customer. For example, “Based on your usage of the product, consider using feature *X* since it would perform better.” |Microsoft can expose the data to the original customer, for example through dashboards. |Customer Data Security Logs: Min 3 years - Max 6 years |
138
141
May be used by Microsoft for future product planning. |Microsoft may share this information with other hardware and software vendors to improve how their products run with Microsoft software. |Min 90 days - Max 3 years|
139
142
|May be used by Microsoft to provide cloud-based services based on emitted Usage Feedback. For example, a customer dashboard showing feature usage across all SQL Server installations in an organization. |Microsoft can expose the data to the original customer, for example, through dashboards. |Min 90 days - Max 3 years |
140
143
|Customers with their consent can send User Feedback that contains Customer Content to Microsoft. |Limit to Microsoft internal with no third-party access. Microsoft can expose the data to the original customer. |User Feedback: Max 1 year |
144
+
|May use database name and application name to categorize databases and applications into known categories, for example, those that may be running software provided by Microsoft or other companies.|Limit to Microsoft internal with no third-party access.|Min 90 days - Max 3 years |
141
145
142
-
>## Object Metadata
146
+
## Object metadata
143
147
144
-
Data that describes or is used to configure servers, databases, tables, and other resources. Object metadata includes database table and column names but not the contents of database rows or other Customer Content. Customers should not place personal data, such as end-user identifiable information in Object Metadata fields or create applications designed to store personal data in these fields.
148
+
Data that describes or is used to configure servers, databases, tables, and other resources. Object metadata includes database table and column names but not the contents of database rows or other Customer Content. Customers should not place personal data, such as end-user identifiable information in Object Metadata fields or create applications designed to store personal data in these fields. For the permitted usage scenario's below, only hash form is used to determine usage patterns to improve the product.
|May be used by Microsoft to improve features and or fix bugs in current features. |Limited to Microsoft internal use with no third-party access. |Min 90 days - Max 3 years|
Instructions on how telemetry can be turned on/off in product can be referenced here - https://support.microsoft.com/en-us/help/3153756/how-to-configure-sql-server-2016-to-send-feedback-to-microsoft.
0 commit comments