FTC’s privacy policy report underscores importance of agility in enterprise mobility

Government Security News Magazine

by T.L. Neff, executive vice president of global client services for Verivo Software

In early February, a U.S. Federal Trade Commission report recommended tougher provisions over mobile app privacy, which caused some big technology companies to raise objections, according to recent news coverage.

What does the FTC’s report and the government’s overall direction on app privacy mean for most enterprises? The answer: neither push back nor panic makes sense. Instead, the sound approach to Washington’s app privacy direction is to make sure you have enough agility with your mobility platform so that your apps can adapt to restrictions that might take shape, while still ensuring you are able to collect highly useful data.

But first, it’s important to understand a couple of key points about the FTC’s staff report:

  • The report is non-binding and doesn’t establish new regulations. While new regulations might take shape, the report actually suggests industry groups take the lead by following some recommended best practices.
  • Some of the recommendations are essentially about the communication of privacy policies, rather than restrictions on data collection. If stronger rules take shape, much of the challenge might be to quickly get privacy notices or new consent screens out to app users.

There appears to be no imminent move toward an FTC crackdown; but, the FTC is calling for more transparency from mobile app developers. The report talks about “just-in-time” disclosures and obtaining user consent. Enterprises that are able to quickly push out notices or consent screens because they have an enterprise mobility platform would be able to meet transparency practices easily.

The tougher requirement would be to actually change the amount or type of private data that an app collects. Most homegrown apps would require significant re-work to change the amount of data that is collected from users, or to what extent that data is stored. The apps will likely be hardcoded to collect certain data points, so changes will require re-coding, re-compiling and re-distributing a new app to each user.

On the other hand, with an enterprise mobility platform, changes in what an app collects can be implemented quickly and easily without the need to push out a new app to each user or re-submit the app to the app store. A platform is built to accommodate a variety of requirements and should be able to enforce new requirements through configuration changes, not major rewrites.

Compliance with privacy rules is nothing new in stricter sectors, such as financial services, which are transparent in communication of privacy policies. But if the direction in Washington continues, more sectors are going to have to become agile in generating disclosures or consent screens.

The big question is whether future app privacy rules will curb the collection of private data, or how companies use that private data. One World Economic Forum report argues that privacy rules should focus on how personal data is used, rather than on the collection itself. That seems a sensible view, given that it is the misuse of private data — such as re-selling it to third parties without consent — which seems to be most onerous.

What regulators should appreciate is that knowing more about app users helps improve apps. For B2E apps, privacy and consent are less of an issue, but vaguely-worded regulations could hamper useful monitoring of apps that are simply aimed at customer service. For reasons like this, enterprises building mobile apps need integrated monitoring features to make their apps more effective.

Companies shouldn’t shy away from capabilities, such as app user monitoring, out of regulatory fears. Whether future app privacy rules or best practices are mainly centered on transparency, or actually put limits on what is collected, enterprises with an agile enterprise mobility platform will be in a better position to adapt their apps.

Read the original article.