RESPECT YOUR DATA

Limit and protect the data you collect and retain.
Protecting your users’ privacy requires you to be thoughtful about the data you collect and hold. By carefully considering the costs and benefits of collecting data and by properly safeguarding the information that you do collect, you may prevent privacy harms and increase consumer trust in your product. 

“Mental health professionals say data breaches and other cyber crimes are increasingly taking a heavy psychological toll on the millions of Americans whose personal information is plundered by fraudsters.” USA Today Article, Feb. 2020

COLLECT DATA SECURELY.

Secure every method of collecting data—whether over the phone, by mail, through email, via web forms, or from affiliates or other third parties—against snooping and data theft. Follow established practices, such as ensuring that any communication carrying potentially sensitive information is encrypted and secure, to protect your users’ data in transit.

Case Study

Companies Secure Success with HTTPS by Default

Since 2010, tech giants including Google, Yahoo, Twitter, Reddit, Microsoft, and Facebook have received applause for encrypting user connections by default via HTTPS. By moving to HTTPS-by-default, the sites help protect users from monitoring by governments and bad actors. Privacy advocates welcomed Facebook’s move to HTTPS as a “huge step forward” while emphasizing that Yahoo’s move to encrypt its mail servers was “better late than never.”

Case Study

CloudFlare Wins Acclaim for Offering Security for Free

CloudFlare, a major content delivery network, won praise for offering HTTPS encryption for its clients’ data by default, for free. In a move widely covered in the press, CloudFlare cofounder and CEO Matthew Prince announced that the company would encrypt its customers’ traffic because it was the “right thing to do.” The press agreed, describing CloudFlare’s business decision as a “present” for the Internet and an “impressive move” that would help the company get more customers by offering great security.

90% of people surveyed say technology companies should do more to protect their information. (2024).

 

STORE DATA SECURELY.

Data, whether on your servers, laptops, smartphones, or paper, should be secure. Breaches can involve not only high-tech methods such as hacking and phishing but also decidedly low-tech methods such as rooting in dumpsters and stealing from mailboxes. Keep both your physical and network security up to date and use encryption and similar techniques to protect data wherever possible.

Case Study

Apple Lauded for Encrypting Data by Default

Apple garnered high marks from its customers and the press when it bucked government opposition and announced that its mobile operating system would automatically encrypt all data stored on the iPhone or iPad. Apple also made encryption easy to use by allowing users to enable it at the same time they set up a password for their device. Commenters described the new feature as a “godsend” that would vastly improve the protection of the troves of information stored on a modern smartphone against both hackers and government surveillance.

Case Study

Mobile Phone Carriers Ring Up $20 Million FCC Proposed Penalty for Lax Privacy and Security

The FCC hit Q Link Wireless LLC and Hello Mobile Telecom LLC with a proposed penalty of $20 million in 2023 for failing to protect the privacy and security of people’s information. FCC rules require service providers to authenticate who someone is before giving them access to personal information and require the use of reasonable data security standards. The mobile phone carriers’ apparent violation of those rules placed customers “at increased risk for privacy violations and bad actor’s potential misuse of their sensitive personal data.” The FCC Enforcement Chief and Head of the Privacy and Data Protection Task Force made it clear that this enforcement action should put all telecommunications service providers “on notice that protecting customers’ data should be their highest priority, and we will use our authorities to ensure that they comply with their obligations to do so.”

 

“The fault for breaches almost always lies with insufficient security practices by the affected company, not by the victims of the breach,” says Adam Aviv, associate professor of computer science at George Washington University. 

“U.S. residents are overwhelmingly concerned about ransomware attacks (77% very/somewhat concerned) and agree that foreign ransomware and other cyber-attacks on U.S. infrastructure and manufacturing should be treated as acts of terrorism (86%).” Mitre-Harris Poll, 2022.
