Evan Schuman: Transparency about data retention requires knowing what you have
A new call for transparency about what data mobile apps are retaining sounds fine and noble, but too many companies don't even know what their apps know about consumers
Computerworld - Now, here's a noble goal. European telecom giant Orange on Friday (Feb. 21) launched a campaign to encourage companies to be much more transparent about the data they are collecting with their mobile apps, as well as helping consumers to better control how such data is used. Laudable, really -- and terribly unrealistic.
I'm not even talking about the fact that most companies would rather not be transparent about why they retain consumer data. ("We're trying to get you to buy expensive stuff that you don't need and probably don't even really want. Why do you ask?") The real problem is that you can't disclose what you don't know.
In a phone interview yesterday (Feb. 24), one of the leaders of that Orange report said that the disconnect between what companies know and what they really need to disclose is alarming. "Every industry needs to make a call to action for transparency," but such an effort is severely complicated by instances where "senior management is not even aware of" the data being retained, said Fred Lindgren, who runs much of mobile strategy for Orange and whose actual title is "senior manager of business anticipation."
Not being aware that data is being retained is a real problem, as the cases cited above demonstrate. I have argued that the problem is that companies that develop mobile apps are likely to test them to make sure they perform the functions that they want the apps to perform, but they don't really think about the need to make sure that the apps aren't doing things that no one expected, such as exposing passwords in plain text.
I actually see companies following one of three paths to data retention. In the first, the companies want to retain the least amount of intrusive data possible, but are not sure how to do it. Those companies can end up issuing mobile apps that are retaining information that they don't even know about. Ask them to be transparent about what they are retaining and they will tell you what they think is the truth but could in fact be very far from it. Companies that follow the second path do want to retain as much data as possible, but they want to hide that from their customers as much as they can. These companies see transparency on this issue as inimical to their interests. That doesn't mean that they are staffed by evil people. They probably think that their data retention is as much a boon to the consumer as it is to the corporation, since it helps their customers get pointed toward the products and services that they really want. If they are secretive about all of that, it's because they figure the customers would get the wrong idea, but the sheer helpfulness of the benefits that arise from data retention make it all OK. Companies on the third path lie somewhere between the other two types of company. They think they know what they're collecting, but don't.
More by Evan Schuman
- Evan Schuman: What if you can't trust your inbox?
- Evan Schuman: Supreme Court on obvious patents: Common sense isn't so horrible
- Evan Schuman: Do you know the people you're following on Twitter? Neither does Twitter, apparently
- Evan Schuman: Is Google forgetting that interactivity pays its bills?
- Evan Schuman: Killer robots? What could go wrong? Oh, yeah ...
- Evan Schuman: One law to rule all data breaches -- but let's make it a real law
- Evan Schuman: Snapchat's reputation is vanishing (unlike its images)
- Evan Schuman: Snapchat's latest feature shows why IT must tame marketing's inner monster
- Evan Schuman: With Heartbleed, IT leaders are missing the point
- Evan Schuman: Social media endangers corporate secrets
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!