Mobile apps are a great way to interact; however, they can carry privacy risks. Use this checklist to ensure that privacy is a top priority when developing an app for use as part of your organisation’s services.
Why does privacy apply?
A mobile application (or “app”) is software that has been designed to run on smartphones, tablet computers and other mobile devices. If you are considered a public sector agency in NSW, the Privacy and Personal Information Protection Act 1998 (PPIP Act) or Health Records and Information Privacy Act 2002 (HRIP Act) may apply to you if you are developing an app that uses personal information, such as photos or location information.
Consider whether you need to collect any personal information. If you do, legislation requires you to only collect as much personal information as is reasonably necessary to carry out a legitimate purpose. If you can’t be satisfied the reason you are collecting a specific piece of personal information for the app is really required, you probably should not be collecting it. Just because you think it might be useful in the future is not a valid reason for collecting personal information. Avoid collecting information identifying people or their activities, unless it relates directly to the purpose of the app.
Ensure users are able to refuse to update an app and that they can easily deactivate or delete an app. Make sure that you have suitable technical and organisational measures in place to protect personal information, according to the sensitivity of information.
Communicate with users about privacy in a thoughtful and timely manner. Inform them about your privacy practices before they download the app, and use colours and sounds to draw attention to any privacy-related decision you ask a user to make. This will have more impact and effectively alert them to a privacy matter.
- Be accountable for your conduct and product
- Include privacy protection in your app's design
- Identify what personal information is needed, where it is going and what the potential risks are
- Develop a clear policy that uses simple language, and communicate this upfront
- Have appropriate security measures in place to protect personal information
- Collect only the information you need and hold it securely.
For more information
Contact the Information and Privacy Commission NSW (IPC):
The Office of the Australian Information Commissioner has also developed a guide for mobile app developers to embed better privacy practices in their products and services – www.oaic.gov.au.