Your data security practices can make or break your reputation as a company users can trust with their data. Data breaches can be disastrous, leading to lawsuits, fines, and reputational harm. Even small startups should take steps to maintain reasonable security procedures to protect the personal information of users from unauthorized access,... +Read more
Collecting and retaining large amounts of user data—especially if that data has nothing to do with your service—can lead to user mistrust and make your company a target for hackers and legal demands alike. It might even violate your agreement with the platform hosting your app or service. An efficient way to avoid these risks is to collect and... +Read more
Before your product or service launches, make sure that you have measures in place to protect the data you collect. Many privacy and security fiascos could have been avoided by following well-established best practices. And no matter your company’s size, a thorough data security plan can help protect user and proprietary data—and your bottom line... +Read more
As your product line evolves or expands, you will face new challenges related to privacy and security, either because you collect and use more information or because new vulnerabilities and threat models emerge. Even if you can’t know exactly what these threats might look like, you can put the pieces into place today to make privacy and security a... +Read more
Implementing and following best practices can help you reduce the risk of a data breach—but it cannot eliminate that risk entirely. The best way to mitigate damage from a breach is to be prepared to act immediately to repair the damage to your users and your brand.+Read more
If your company’s product includes sensors or otherwise captures data about your users’ activities, location, or other attributes, you need to clearly inform users of its capabilities and notify them whenever it is active. Failing to do so can lead to user outrage and legal consequences when users discover that your product has been secretly... +Read more
California law requires any commercial website or mobile app that collects personal information about California residents to post a conspicuous privacy policy. But a privacy policy filled with legal language won’t help your users understand how your company actually protects their information. Clearly and effectively communicate your privacy... +Read more
Many privacy disasters occur when users learn that they have been automatically enrolled in a new service or feature that they find invasive or when users are surprised to find out that your product or company has been collecting and using information about them without their consent. By evaluating products and practices from the perspective of... +Read more
Users want to be in control of how their information is used or shared. Failing to obtain explicit consent to use or share personal information, or making it difficult for users to remove themselves from lists or terminate use of products, risks alienating existing users and discouraging others from joining. Putting your users in control may lead... +Read more
Proactively protecting privacy can reduce burdens on your company and earn your users’ trust. Many of the privacy laws in the United States are badly outdated, resulting in a patchwork system of legal protection for privacy riddled with loopholes and gray areas. This uncertainty may subject your company to legally questionable demands for user... +Read more
Allowing users to express themselves with few limitations helps your product evolve into something that is truly valuable, even if it differs from your original vision. On the other hand, restricting your users’ ability to communicate freely may drive them away from your product entirely. Give your users as many choices as possible in how they... +Read more