RESPECT YOUR DATA

Limit and protect the data you collect and retain.
Protecting your users’ privacy requires you to be thoughtful about the data you collect and hold. By carefully considering the costs and benefits of collecting data and by properly safeguarding the information that you do collect, you may prevent privacy harms and increase consumer trust in your product. 

“Mental health professionals say data breaches and other cyber crimes are increasingly taking a heavy psychological toll on the millions of Americans whose personal information is plundered by fraudsters.” USA Today Article, Feb. 2020

COLLECT DATA SECURELY.

Secure every method of collecting data—whether over the phone, by mail, through email, via web forms, or from affiliates or other third parties—against snooping and data theft. Follow established practices, such as ensuring that any communication carrying potentially sensitive information is encrypted and secure, to protect your users’ data in transit.

Case Study

Companies Secure Success with HTTPS by Default

Since 2010, tech giants including Google, Yahoo, Twitter, Reddit, Microsoft, and Facebook have received applause for encrypting user connections by default via HTTPS. By moving to HTTPS-by-default, the sites help protect users from monitoring by governments and bad actors. Privacy advocates welcomed Facebook’s move to HTTPS as a “huge step forward” while emphasizing that Yahoo’s move to encrypt its mail servers was “better late than never.”

Case Study

CloudFlare Wins Acclaim for Offering Security for Free

CloudFlare, a major content delivery network, won praise for offering HTTPS encryption for its clients’ data by default, for free. In a move widely covered in the press, CloudFlare cofounder and CEO Matthew Prince announced that the company would encrypt its customers’ traffic because it was the “right thing to do.” The press agreed, describing CloudFlare’s business decision as a “present” for the Internet and an “impressive move” that would help the company get more customers by offering great security.

72% of consumers will avoid buying from companies that they believe do not protect their personal information (2014).

STORE DATA SECURELY.

Data, whether on your servers, laptops, smartphones, or paper, should be secure. Breaches can involve not only high-tech methods such as hacking and phishing but also decidedly low-tech methods such as rooting in dumpsters and stealing from mailboxes. Keep both your physical and network security up to date and use encryption and similar techniques to protect data wherever possible.

Case Study

Apple Lauded for Encrypting Data by Default

Apple garnered high marks from its customers and the press when it bucked government opposition and announced that its mobile operating system would automatically encrypt all data stored on the iPhone or iPad. Apple also made encryption easy to use by allowing users to enable it at the same time they set up a password for their device. Commenters described the new feature as a “godsend” that would vastly improve security for the troves of information stored on a modern smartphone from both hackers and government surveillance.

Case Study

Hookup Apps Grindr and Blendr Slammed for Security Issues

Location-based dating apps Grindr and Blendr were slammed for failing to protect private accounts with software that was “poorly designed” with “no real security.” The apps allow users to seek out like-minded people for dating or socializing, sharing real-time locations and up-to-date profiles complete with pictures. However, research demonstrated that security flaws allowed users to take control of others’ profiles, sending pictures and messages on their behalf. Worse yet, it took the apps’ parent company a couple of weeks to make fixes even after the flaws were disclosed. Grindr and Blendr’s failure to protect their users led to calls for users to delete their accounts despite a public apology from the company’s founder and CEO.

“The fault for breaches almost always lies with insufficient security practices by the affected company, not by the victims of the breach,” says Adam Aviv, associate professor of computer science at George Washington University. 

“U.S. residents are overwhelmingly concerned about ransomware attacks (77% very/somewhat concerned) and agree that foreign ransomware and other cyber-attacks on U.S. infrastructure and manufacturing should be treated as acts of terrorism (86%).” Mitre-Harris Poll, 2022.
