I was planning on tackling some of the logistical questions raised in my last post, but after getting multiple responses to my invitation for topics, it seems they’ll have to wait for another day. The most requested topic was privacy policies. Don’t say you didn’t ask for it.
In addition to the eleven states with privacy acts, a Federal law has been proposed to Congress this year. The duly named Application Privacy, Protection and Security Act (“Apps Act”) (you have to love how they come up with these names) suggests providing “for greater transparency in and user control over the treatment of data collected by mobile applications and to enhance the security of such data.” Among other things, the bill would require developers to clearly explain the types, uses, and retention period for any personal data collected. The Act also gives the Federal Trade Commission authority on mobile app transparency. If enacted, many mobile applications will be required to restructure their privacy policies to ensure they are clearly understood by the consumer and include all necessary information.
Best Practices for Mobile Application Developers - https://www.cdt.org/files/pdfs/Best-Practices-Mobile-App-Developers.pdf (App Privacy Guidelines by the Future of Privacy Forum and the Center for Democracy & Technology)
Privacy on the Go: Recommendations for the Mobile Ecosystem - http://oag.ca.gov/sites/all/files/pdfs/privacy/privacy_on_the_go.pdf (put out by the California Attorney General’s Office)
The report put out by the California Attorney General’s office is especially helpful. It suggests that developers first consider all the personally identifiable data that their app could collect. Once that data is identified, the developer should determine how it will be used, how it will be collected, how long it will be retained, with whom it will be shared, and other such decisions. Finally, the report suggests the developer determine how this information will be protected. It recommends limiting data collection and retention and using security safeguards.
The two words used repeatedly in these reports are “transparency” and “security.” The more transparent the developer is with their collection of personal data, regardless of whether or not they believe it to be “sensitive,” and the more secure they are with the data collected, the less they will have to worry about being subject to a lawsuit for violation of an individual’s privacy.
The problem with writing on a topic like privacy policies is that the requirements are not yet in place and they shift like the sands of the desert. Also, I could probably write a Tolkien novel on the subject. Let me know if you have any questions or comments. I can be reached by email or @jdrhyne on Twitter.
Next post looks to be either logistical questions or diving into Copyright/Work for hire and what every mobile developer should know about it.