Mobile apps, know the risks for agencies

Fact sheet - Mobile apps, know the risks for agencies (PDF, 52kb)

Mobile apps are a great way to interact, however they can come with some risks when it comes to privacy issues. Use this checklist to ensure that privacy is a top priority when developing an app for use as part of your organisation’s services.

Why does privacy apply?

A mobile application (or “app”) is software that has been designed to run on smartphones, tablet computers and other mobile devices. If you are considered a public sector agency in NSW, the Privacy and Personal Information Protection Act 1998 (PPIP Act) or Health Records and Information Privacy Act 2002 (HRIP Act) may apply to you if you are developing an app that uses personal information, such as photos or location information.

Be transparent

The PPIP Act requires you to be upfront about what you are doing with personal information. Being transparent also builds trust with consumers, who should be able to quickly find your privacy policy, and who should find it easy to understand. Tell people what information you collect and why, how long you will keep it and if that information is shared with others. Give users as much control as possible over their own personal information.

Collection

Consider whether you need to collect any personal information. If you do, legislation requires you to only collect as much personal information as is reasonably necessary to carry out a legitimate purpose. If you can’t be satisfied the reason you are collecting a specific piece of personal information for the app is really required, you probably should not be collecting it. Just because you think it might be useful in the future is not a valid reason for collecting personal information. Avoid collecting information identifying people or their activities, unless it relates directly to the purpose of the app.

Security

Ensure users are able to refuse to update an app and that they can easily deactivate or delete an app. Make sure that you have suitable technical and organisational measures in place to protect personal information, according to the sensitivity of information.

Timing

Communicate with users about privacy in a thoughtful and timely manner. Inform them about your privacy practices before they download the app, and use colours and sounds to draw attention to any privacy related decision you ask a user to make. This will
have more impact and effectively alert them to a privacy matter.

Checklist

  1. Be accountable for your conduct and product
  2. Include privacy protection in your app's design
  3. Identify what personal information is needed, where it is going and what the potential risks are
  4. Develop a clear policy that uses simple language, and communicate this upfront
  5. Have appropriate security measures in place to protect personal information
  6. Collect only the information you need and hold it securely.

For more information

Contact the Information and Privacy Commission NSW (IPC):

Freecall:             1800 472 679
Email:                ipcinfo@ipc.nsw.gov.au
Website:             www.ipc.nsw.gov.au

The Office of the Australian Information Commissioner has also developed a guide for mobile app developers to embed better privacy practices in their products and services – www.oaic.gov.au.

Rating: 
No votes yet
Tags: 
Keywords: 
Checklist - Mobile apps, know the risks for agencies
Archive: 
0
Teaser: 
Mobile apps are a great way to interact, however they can come with some risks when it comes to privacy issues. Use this checklist to ensure that privacy is a top priority when developing an app for use as part of your organisation’s services.