Where to put your mobile privacy dollars now

Last year’s onslaught of headline-making data breaches, mobile app data breaches and leaks of nude celebrity photos all fueled consumer fears about privacy and security. That’s according to a new study on mobile privacy mindsets. This same study revealed that 75 per cent of users understand that the privacy of their data is their responsibility.

As such, they have become much less forthcoming with information when data collectors come to call. Concerns are rising both from a user and a collector point of view. End users, whether they are employees or customers, are requesting a higher level of respect towards their privacy and putting forward more questions as to how and why their personal data is handled.

Those who collect data need to be cognizant of end users’ mounting concerns and take appropriate steps to address them from the ground up, building best practices in privacy into the products and services they provide. Below are five areas to focus your privacy budget on.

1. Policies

Technological changes are occurring at lightning speed, but privacy policies tend to sit in the corner and collect dust. That paradigm won’t work anymore; since change is the operative word here, policies must change as well. Starting at an organisational level, designate a member of your team to be in charge of verifying, on an annual basis, whether the privacy policy needs updating. Long gone are the days when privacy policies were written once to tick a box on the list. They are now tools that empower you to understand your business better.

Regarding the app’s frontend, it is common knowledge that few people take the time to read privacy policies. If you would like your user to read it, our recommendation is to make it as visual and interactive as possible.

2. Innovative training

The majority of breaches happen because an employee opened an unsafe email, divulged credentials over the phone in a social engineering scam or committed some other security faux pas. The solution here may seem straightforward: improving security training amongst employees within the organisation, ranging from basic password guidelines to restricted access policies. However, businesses are facing the issue that employees do not always apply what is learned during training, even less so when the training is carried out through an online platform.

The solution, then, is to use classic storytelling techniques to create a relatable approach specific to your audience, as well as innovative and interactive workshops to involve your employees as an integral part of your privacy solution. This article contains examples that can help in this approach.

3. Make it clear to users

In this era of heightened privacy concerns, users are increasingly reluctant to comply if an app requests information that doesn’t seem to be related to the app’s main functionality. An example of this is the request for the user’s date of birth. A user may be unwilling to blindly hand out such a personal bit of data, particularly when that bit of data—in the wrong hands—can be used for fraud. But if you explain that this data will be used to send out a special birthday coupon each year, users are much more likely to share their information.

4. Risk measurement

It’s a bit of a tightrope walk trying to determine if the risks that your business is facing are proportionate to your current privacy and security initiatives. Business-minded people will always be more inclined to take a more risky approach for the sake of business innovation. And this is fine – just invest whatever resources are necessary to get clear about it.

5. Rethink data usage

It’s important to take a look at how you manage data that you collect through your apps and internally. If privacy was not a foundational aspect of building your business, you can still audit it. An audit will usually try to understand how the data that your business is collecting flows between different geographical regions and divisions. When looking at the results of the audit, it will be clear where the pain points are and which actions should be taken. Should you undergo Safe Harbor Certification? Should you update your privacy policy (or, if you do not have one, what should your privacy policy state)? Looking at the big picture may feel overwhelming. Start by analyzing the data flow within each department separately.

From the user’s point of view, is your app privacy-friendly? Are your “privacy” notifications (requests to collect location, access contacts, etc.) invasive and disruptive to the user journey? Did you integrate privacy from the outset of the app build process? Via a strong UX/UI review combined with an audit of data collection, you could improve your users’ experience in a straightforward manner. Be transparent about data usage without being invasive to help increase user engagement and retention.

Ultimately, mobile privacy and security call for careful thought as well as financial investment. You need to comply with legal requirements, of course, but don’t stop there. Make sure that end users understand the “why” behind data collection, and then treat that data like the gold it is. Segment it according to type and level of sensitivity, and then design preventive actions that are appropriate for each level. Policy review and employee training round out this strategy for a safe and smooth data collection program.

Agathe Caffier, Senior Counsel, International Operations & Privacy Specialist, DMI
