Evan Schuman: Transparency about data retention requires knowing what you have
A new call for transparency about what data mobile apps are retaining sounds fine and noble, but too many companies don't even know what their apps know about consumers
Computerworld - Now, here's a noble goal. European telecom giant Orange on Friday (Feb. 21) launched a campaign to encourage companies to be much more transparent about the data they are collecting with their mobile apps, as well as helping consumers to better control how such data is used. Laudable, really -- and terribly unrealistic.
I'm not even talking about the fact that most companies would rather not be transparent about why they retain consumer data. ("We're trying to get you to buy expensive stuff that you don't need and probably don't even really want. Why do you ask?") The real problem is that you can't disclose what you don't know.
In a phone interview yesterday (Feb. 24), one of the leaders of that Orange report said that the disconnect between what companies know and what they really need to disclose is alarming. "Every industry needs to make a call to action for transparency," but such an effort is severely complicated by instances where "senior management is not even aware of" the data being retained, said Fred Lindgren, who runs much of mobile strategy for Orange and whose actual title is "senior manager of business anticipation."
Not being aware that data is being retained is a real problem, as the cases cited above demonstrate. I have argued that the problem is that companies that develop mobile apps are likely to test them to make sure they perform the functions that they want the apps to perform, but they don't really think about the need to make sure that the apps aren't doing things that no one expected, such as exposing passwords in plain text.
I actually see companies following one of three paths to data retention. In the first, the companies want to retain the least amount of intrusive data possible, but are not sure how to do it. Those companies can end up issuing mobile apps that are retaining information that they don't even know about. Ask them to be transparent about what they are retaining and they will tell you what they think is the truth but could in fact be very far from it.
Companies that follow the second path do want to retain as much data as possible, but they want to hide that from their customers as much as they can. These companies see transparency on this issue as inimical to their interests. That doesn't mean that they are staffed by evil people. They probably think that their data retention is as much a boon to the consumer as it is to the corporation, since it helps their customers get pointed toward the products and services that they really want. If they are secretive about all of that, it's because they figure the customers would get the wrong idea, but the sheer helpfulness of the benefits that arise from data retention makes it all OK.
Companies on the third path lie somewhere between the other two types of company. They think they know what they're collecting, but don't.