MAKE YOUR PRIVACY PRACTICES STAND OUT

The key to developing outstanding privacy practices is to proactively identify and address potential privacy risks before they happen.

By building privacy into your products from the beginning and giving your users the information and tools to protect and control their own personal information, you not only help avoid consequences ranging from scathing media coverage to class action lawsuits, you also make users feel truly invested in your product and build invaluable trust and loyalty.

RESPECT YOUR DATA

Limit and protect the data you collect and retain.
Protecting your users’ privacy requires you to be thoughtful about the data you collect and hold. By carefully considering the costs and benefits of collecting data and by properly safeguarding the information that you do collect, you may prevent privacy harms and increase consumer trust in your product. 
IDENTIFY AND COLLECT THE DATA YOU ACTUALLY NEED.

Your product has a purpose, and that purpose should help you identify the information you actually need. Blindly or willfully grabbing information beyond that can subject your product to bad press, excessive government demands, or even financial penalties. Build trust with your users instead by only collecting information as needed.

Case Study

Jay-Z and Samsung were publicly skewered when their Jay-Z Magna Carta App required so much unnecessary data from users’ smartphones that it “

Jay-Z and Samsung were publicly skewered when their Jay-Z Magna Carta App required so much unnecessary data from users’ smartphones that it “verge[d] on parody.” The app demanded access to a user’s dialed phone numbers, precise GPS location, and details about the user’s other apps. This resulted in a complaint with the Federal Trade Commission (FTC) and forced Samsung to publicly defend the app, all of which left press asking: “If Jay-Z wants to know about my phone calls and email accounts, why doesn’t he join the National Security Agency?

Case Study

Google found itself in a public relations nightmare when it was revealed in 2010 that the project had captured traffic from private wireless networks.

Google found itself in a public relations nightmare when it was revealed in 2010 that the project had captured traffic from private wireless networks. Although the company blamed the mistake on a single engineer, an investigation by the Federal Communications Commission (FCC) revealed that the collection “resulted from a deliberate software design decision” on Google’s part. Google was investigated by at least seven countries, has had to defend against multiple class action lawsuits, and paid a $7 million settlement to 38 states and the District of Colombia.

Case Study

Path came under harsh criticism when a software developer discovered that the company violated its own Terms of Use by uploading users’ entire address books to the cloud.

Path came under harsh criticism when a software developer discovered that the company violated its own Terms of Use by uploading users’ entire address books to the cloud. Overwhelming public and press condemnation forced the company to publicly apologize to users and delete the entire collection of user contact information. Path was hit with a class action lawsuit, fined $800,000, and required to conduct annual independent privacy audits for the next 20 years.

85% of consumers limit how or whether they use a mobile app based on privacy concerns (2012).

RETAIN DATA ONLY AS LONG AS YOU NEED IT.

Just because you need location information to make your service work doesn’t mean you actually need to keep that information. Determine how long you need to keep the data you do collect and delete it once it is no longer necessary to accomplish the purpose for which it was collected. This helps ensure that you’re not retaining information that users don’t expect you to keep and reduces the potential harm of data breach and other privacy hazards.

Case Study

Apple was widely criticized, grilled by the Senate and federal agencies, and sued by customers af

Apple was widely criticized, grilled by the Senate and federal agencies, and sued by customers after researchers discovered that iPhones and iPads were collecting and storing a year’s worth of unencrypted data about user whereabouts. The company was forced to admit it had erred, reduce location data storage to 7 days or less, stop backing up data on people’s computers, and delete information when customers stop using location services.

Case Study

Sonic.net has been widely lauded for cutting its retention period for user logs down to two weeks.

Sonic.net has been widely lauded for cutting its retention period for user logs down to two weeks. Faced with “a string of legal requests for its users’ data,” the CEO asked engineers to evaluate the company’s actual storage needs to see if reducing data retention could help “protect my customers.” The company determined that a two week retention period was more than adequate to address spam and security issues and properly balanced “an ability to help law enforcement when it’s morally right to do so” with protecting users.

54% of mobile app users have decided to not install an app when they discovered how much personal information they would need to share in order to use it (2012).

Share This: