Last year’s onslaught of headline-making data breaches, mobile app data breaches and leaks of nude celebrity photos all fueled consumer fears about privacy and security. That’s according to a new study on mobile privacy mindsets. This same study revealed that 75 per cent of users understand that the privacy of their data is their responsibility.
As such, they have become much less forthcoming with information when data collectors come to call. Concerns are rising both from a user and a collector point of view. End users, whether they are employees or customers, are requesting a higher level of respect towards their privacy and putting forward more questions as to how and why their personal data is handled.
Those who collect data need to be cognizant of end users’ mounting concerns and take appropriate steps to address them from the ground up, building best practices in privacy into the products and services they provide. Below are five areas to focus your privacy budget on.
Regarding the app’s frontend, it is common knowledge that few people take the time to read privacy policies. If you would like your user to read it, our recommendation is to make it as visual and interactive as possible.
2. Innovative training
The majority of breaches happen because an employee opened an unsafe email, divulged credentials over the phone in a social engineering scam or committed some other security faux pas. The solution here may seem straightforward: improving security training amongst employees within the organisation, ranging from basic password guidelines to restricted access policies. However, businesses are facing the issue that employees do not always apply what is learned during training, even less so when carried out through an online platform.
The solution, then, is to use classic storytelling techniques to create a relatable approach specific to your audience, as well as innovative and interactive workshops to involve your employees as an integral part of your privacy solution. This article contains examples that can help in this approach.
3. Make it clear to users
In this era of heightened privacy concerns, users are increasingly reluctant to comply if an app requests information that doesn’t seem to be related to the app’s main functionality. An example of this is the request for the user’s date of birth. A user may be unwilling to blindly hand out such a personal bit of data, particularly when that bit of data—in the wrong hands—can be used for fraud. But if you explain that this data will be used to send out a special birthday coupon each year, users are much more likely to share their information.
4. Risk measurement
It’s a bit of a tightrope walk trying to determine if the risks that your business is facing are proportionate to your current privacy and security initiatives. Business-minded people will always be more inclined to take a more risky approach for the sake of business innovation. And this is fine – just invest whatever resources are necessary to get clear about it.
5. Rethink data usage
From the user’s point of view, is your app privacy-friendly? Are your “privacy” notifications (request of collection of location, access to contacts, etc.) invasive and disruptive to the user journey? Did you integrate privacy from the outset of the app build process? Via a strong UX/UI review combined with an audit of data collection, you could improve your users’ experience in a straightforward manner. Be transparent about data usage without being invasive to help increase user engagement and retention.
Ultimately, mobile privacy and security call for careful thought as well as financial investment. You need to comply with legal requirements, of course, but don’t stop there. Make sure that end users understand the “why” behind data collection, and then treat that data like the gold it is. Segment it according to type and level of sensitivity, and then design preventive actions that are appropriate for each level. Policy review and employee training round out this strategy for a safe and smooth data collection program.
Agathe Caffier, Senior Counsel, International Operations & Privacy Specialist, DMI
Image Credit: Shutterstock/alexskopje