Developing mobile apps, know the risks for agencies

Read the document below or download it here Fact sheet - Developing mobile apps, know the risks for agencies, updated August 2019

Mobile apps are a great way to interact, however they can come with some risks when it comes to privacy issues. Use this checklist to ensure that privacy is a top priority when developing an app for use as part of your organisation’s services.

Why does privacy apply?

A mobile application (or “app”) is software that has been designed to run on smartphones, tablet computers and other mobile devices. If you are considered a public sector agency in NSW, the Privacy and Personal Information Protection Act 1998 (PPIP Act) or Health Records and Information Privacy Act 2002 (HRIP Act) may apply to you if you are developing an app that uses personal information, such as photos or location information.

Be transparent

The PPIP Act requires you to be upfront about what you are doing with personal information. Being transparent also builds trust with consumers, who should be able to quickly find your privacy policy, and who should find it easy to understand. Tell people what information you collect and why, how long you will keep it and if that information is shared with others. Give users as much control as possible over their own personal information.


Consider whether you need to collect any personal information. If you do, legislation requires you to only collect as much personal information as is reasonably necessary to carry out a legitimate purpose. If you can’t be satisfied the reason you are collecting a specific piece of personal information for the app is really required, you probably should not be collecting it. Just because you think it might be useful in the future is not a valid reason for collecting personal information. Avoid collecting information identifying people or their activities, unless it relates directly to the purpose of the app.


Ensure users are able to refuse to update an app and that they can easily deactivate or delete an app. Make sure that you have suitable technical and organisational measures in place to protect personal information, according to the sensitivity of information.


Communicate with users about privacy in a thoughtful and timely manner. Inform them about your privacy practices before they download the app, and use colours and sounds to draw attention to any privacy related decision you ask a user to make. This will have more impact and effectively alert them to a privacy matter.

  • Be accountable for your conduct and product
  • Include privacy protection in the app’s design
  • Identify what personal information is needed, where it is going and what the potential risks are
  • Develop a clear privacy policy that uses simple language, and communicate this upfront
  • Have appropriate security measures in place to protect personal information
  • Collect only the information you need, and hold it securely.
For more information

Contact the Information and Privacy Commission NSW (IPC):

Freecall: 1800 472 679

How easy did you find it to understand this resource?
Have you used the information in this resource to assist you?