
Handling end user privacy expectations

DMI : 28 September, 2015  (Special Report)
Agathe Caffier, Senior Counsel of International Operations & Privacy Specialist at DMI, explains the privacy expectations of users and how best to handle them in policies and software design.

In the wake of ongoing data breaches and revelations about what the post-9/11 NSA had been up to, the average citizen is much more concerned about the privacy and security of their personal data than in times past. Retail websites and their mobile apps continue to collect more data, chasing customers around the Web. Private enterprise will use Big Data analytics and cognitive computing to carefully target consumers with personalized ads to drive revenue and to provide new levels of customer service.

Everything has an upside and a downside, but data collection of this magnitude is currently raising concerns for both users and collectors. End users, whether they are employees or customers, are requesting a higher level of respect towards their privacy and putting forward more questions as to how and why their personal data is handled.

Whoever is collecting all this data, be it website or application developers, needs to be aware of these growing concerns and take appropriate steps to address them from the ground up, building best practices in privacy into the products and services they provide.

According to Gartner, worldwide spending on information security will grow 8.2 percent this year to a total of $76.9 billion. The firm cites continued adoption of mobility as one of the key drivers of security budget growth. Funds are available, but what are the most effective uses of those funds?

1 Revise Privacy and Security Policies

Privacy policies need to be rethought. That’s at least in part because in our hyper-connected world where speed and change are of the essence, your privacy policy may rapidly become out of date.

Visible to the app user - Conventional wisdom says that no one reads privacy policies. If you would like your user to actually read it, make it as visual and interactive as possible.

Up for yearly review - Choose a team member to be in charge of verifying whether the privacy policy needs updating on an annual basis. Long gone are the days when privacy policies were written once to tick a box on the list. This is now a tool empowering you to understand your business better.

2 Set Risk Levels

It can be tricky determining if your privacy and security initiatives match up with the risks that your business is facing. Business-minded people will always be more inclined to take a riskier approach for the sake of business innovation. And this is fine.

3 Train From Within

Huge external-based breaches are the ones that tend to make headlines, but most data breaches occur due to employee error caused by lack of appropriate training. The solution here may seem straightforward: improving security training amongst employees within the organization, ranging from basic password guidelines to restricted access policies. However, businesses are facing the issue that employees do not always apply what is learned during training, even less so when carried out through an online platform.

Instead, involve your employees as an integral part of your privacy solution by using a relatable storytelling approach specific to your audience, as well as innovative and interactive workshops. This article contains examples of classic storytelling techniques.

4 Educate and Engage End Users

When data collection doesn’t seem to be related to the app’s main functionality, customers do not always understand the need to collect it and may balk. An example of this is the request of the user’s location within a book review app. The user may be reluctant to divulge this information, as the link is unclear, until the user is informed that it will highlight the closest bookshop where they can pick up books similar to a positively reviewed one. There are many ways to educate users on data collection. One way is the clever and targeted use of wizards and notifications.

5 Data Usage Assessments and Privacy Audits

It’s important to assess how your company is managing data, whether it is collected internally or through your apps.

At an organizational level

Privacy may not have been part of the initial design of your business, but you can still be audited. An audit will usually try to understand how the data that your business is collecting flows between different geographical regions and divisions. When looking at the results of the audit, it will be clear where the pain points are and which actions should be taken. Should you undergo Safe Harbor Certification? Should you update your privacy policy (or, if you do not have one, what should your privacy policy state)?

Trying to take this all in at once can seem daunting. Start by analyzing the data flow within each department separately.

On the app’s frontend

Are your “privacy” notifications (request of collection of location, access to contacts, etc.) invasive and disruptive to the user journey? Is your app privacy-friendly? Did you integrate privacy from the outset of the app build process?

You could improve your users’ experience in a straightforward manner with a strong UX/UI review combined with an audit of data collection. Be transparent about data usage without being invasive to help increase user engagement and retention.

Privacy is important, but it can be overdone. Having said that, it’s also possible to abide so strictly by only what is legally required that you miss out on an approach that could even better serve your customers and your organization. A best practice is to determine the kind of information you want to secure (employee, business customer, users, non-personal business confidential, IP, etc.) and categorize each kind according to how sensitive it is. Then build privacy measures that make sense for each kind of data. How would you react if this data were breached? That will tell you what type of emergency strategy to set in place. All the bases, and probably a few extras, will be set in place, making both you and your users happier and more secure.

About the Author:
Agathe Caffier graduated as a business lawyer in London and is now also a Certified Information Privacy Professional (CIPP/E). As well as being the general counsel for DMI, a mobile systems provider, her expertise in new technologies and privacy matters related to mobile has led her to provide privacy guidelines and audits to companies such as Vodafone, Telefonica, Anheuser-Busch InBev and many more. She regularly contributes to specialized publications and whitepapers on privacy and security.
