The Windows Internet Explorer (Pre-Release Beta 2 Version 8) Privacy Statement makes for interesting reading.  Some excerpts follow (emphasis mine)

Suggested Sites

Suggested Sites is an online experience designed to show you which websites you visit most, and to provide you with suggestions of other websites you might be interested in visiting. When you turn on Suggested Sites, your web browsing history is sent to Microsoft, where it is saved and compared to a frequently updated list of websites that are similar to ones you visit often. You can choose to pause or stop this feature from sending your web browsing history to Microsoft at any time. You can also delete individual entries from your history at any time. Deleted entries will not be used to provide you suggestions for other websites, although they will be retained by Microsoft for a period of time to help improve our products and services, including this feature. Any websites you visit while InPrivate Browsing is active will not be sent to Microsoft.

When Suggested Sites is turned on, the addresses of websites you visit are sent to Microsoft, together with some standard information from your computer such as IP address, browser type, regional and language settings. To help protect your privacy, the information is encrypted when sent to Microsoft. Information associated with the web address, such as search terms or data you entered in forms might be included. For example, if you visited the Microsoft.com search website at http://search.microsoft.com and entered "Seattle" as the search term, the full address http://search.microsoft.com/results.aspx?q=Seattle&qsc0=0&FORM=QBMH1&mkt=en-US will be sent. Address strings might unintentionally contain personal information, but this information is not used to identify, contact or target advertising to you.

Statistics about your usage of Suggested Sites will also be sent to Microsoft such as the time that websites were visited, which website referred you, and how you got there (e.g., by clicking a link or one of your Favorites). This information, along with the website addresses and past history, will be used to personalize your experience, as well as improve the quality of our products and services. Microsoft will not use any information collected to identify, contact or target advertising to you.

All quite interesting.  Ans what doesMicrosoft say about the security and storage of this personal information?  (Again, emphasis is mine)

Security and Storage of Your Information

Microsoft is committed to protecting the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the personal information you provide on computer systems with limited access, which are located in controlled facilities

Information collected by Microsoft as part of providing you with Internet Explorer’s features may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or agents maintain facilities, and by using a Microsoft site or service, you consent to any such transfer of information outside of your country. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union. Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose. Microsoft may access and/or disclose information if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Microsoft; (b) protect and defend the rights of Microsoft (including enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety of Microsoft employees, users of Microsoft products or services, or members of the public.

It’s not clear to me from a quick squizz through the document how long Microsoft plan to hang on to the data that they collect from users’ browsing habits.  One point to note, is that at least this is something that has to be switched on (i.e. it’s opt-in, not opt-out).  BT-Phorm could learn from this at least.