Evan Schuman: Transparency about data retention requires knowing what you have
A new call for transparency about what data mobile apps are retaining sounds fine and noble, but too many companies don't even know what their apps know about consumers
Computerworld - Now, here's a noble goal. European telecom giant Orange on Friday (Feb. 21) launched a campaign to encourage companies to be much more transparent about the data they are collecting with their mobile apps, as well as helping consumers to better control how such data is used. Laudable, really -- and terribly unrealistic.
I'm not even talking about the fact that most companies would rather not be transparent about why they retain consumer data. ("We're trying to get you to buy expensive stuff that you don't need and probably don't even really want. Why do you ask?") The real problem is that you can't disclose what you don't know.
In a phone interview yesterday (Feb. 24), one of the leaders of that Orange report said that the disconnect between what companies know and what they really need to disclose is alarming. "Every industry needs to make a call to action for transparency," but such an effort is severely complicated by instances where "senior management is not even aware of" the data being retained, said Fred Lindgren, who runs much of mobile strategy for Orange and whose actual title is "senior manager of business anticipation."
Not being aware that data is being retained is a real problem, as the cases cited above demonstrate. I have argued that the problem is that companies that develop mobile apps are likely to test them to make sure they perform the functions that they want the apps to perform, but they don't really think about the need to make sure that the apps aren't doing things that no one expected, such as exposing passwords in plain text.
I actually see companies following one of three paths to data retention.
In the first, the companies want to retain the least amount of intrusive data possible, but are not sure how to do it. Those companies can end up issuing mobile apps that are retaining information that they don't even know about. Ask them to be transparent about what they are retaining and they will tell you what they think is the truth but could in fact be very far from it.
Companies that follow the second path do want to retain as much data as possible, but they want to hide that from their customers as much as they can. These companies see transparency on this issue as inimical to their interests. That doesn't mean that they are staffed by evil people. They probably think that their data retention is as much a boon to the consumer as it is to the corporation, since it helps their customers get pointed toward the products and services that they really want. If they are secretive about all of that, it's because they figure the customers would get the wrong idea, but the sheer helpfulness of the benefits that arise from data retention makes it all OK.
Companies on the third path lie somewhere between the other two types of company. They think they know what they're collecting, but don't.