Your product has a purpose, and that purpose should help you identify the information you actually need. Blindly or willfully grabbing information beyond that can subject your product to bad press, excessive government demands, or even financial penalties. Build trust with your users instead by only collecting information as needed.
MAKE YOUR PRIVACY PRACTICES STAND OUT
By building privacy into your products from the beginning and giving your users the information and tools to protect and control their own personal information, you not only help avoid consequences ranging from scathing media coverage to class action lawsuits, you also make users feel truly invested in your product and build invaluable trust and loyalty.
RESPECT YOUR DATA
Jay-Z and Samsung were publicly skewered when their Jay-Z Magna Carta App required so much unnecessary data from users’ smartphones that it “verge[d] on parody.” The app demanded access to a user’s dialed phone numbers, precise GPS location, and details about the user’s other apps. This resulted in a complaint with the Federal Trade Commission (FTC) and forced Samsung to publicly defend the app, all of which left press asking: “If Jay-Z wants to know about my phone calls and email accounts, why doesn’t he join the National Security Agency?”
Google found itself in a public relations nightmare when it was revealed in 2010 that the project had captured traffic from private wireless networks. Although the company blamed the mistake on a single engineer, an investigation by the Federal Communications Commission (FCC) revealed that the collection “resulted from a deliberate software design decision” on Google’s part. Google was investigated by at least seven countries, has had to defend against multiple class action lawsuits, and paid a $7 million settlement to 38 states and the District of Columbia.
Just because you need location information to make your service work doesn’t mean you actually need to keep that information. Determine how long you need to keep the data you do collect and delete it once it is no longer necessary to accomplish the purpose for which it was collected. This helps ensure that you’re not retaining information that users don’t expect you to keep and reduces the potential harm of data breach and other privacy hazards.
Apple was widely criticized, grilled by the Senate and federal agencies, and sued by customers after researchers discovered that iPhones and iPads were collecting and storing a year’s worth of unencrypted data about user whereabouts. The company was forced to admit it had erred, reduce location data storage to 7 days or less, stop backing up data on people’s computers, and delete information when customers stop using location services.
Sonic.net has been widely lauded for cutting its retention period for user logs down to two weeks. Faced with “a string of legal requests for its users’ data,” the CEO asked engineers to evaluate the company’s actual storage needs to see if reducing data retention could help “protect my customers.” The company determined that a two-week retention period was more than adequate to address spam and security issues and properly balanced “an ability to help law enforcement when it’s morally right to do so” with protecting users.