The need for data security in an emerging mobile world has policymakers and government agencies doing their best by providing new tools and proposing legislation to keep pace. A few weeks ago, the APPS (Application Privacy, Protection and Security) Act of 2013 was released for discussion to address mobile data security for consumers.
The bill requires app developers to provide more transparency with “consented terms and conditions, reasonable data security of collected data, and users with control to cease data collection by opting out of the service or deleting the user’s personal data to the greatest extent possible.”
In addition to notifying and asking for consent of users before collecting personal data about them, app developers are required to also provide details about:
What type of personal data will be collected
Purposes for which personal data will be used
Third parties that will have access to the personal data
Data retention policy governing the length of time personal data will be stored
The act also allows consumers to opt out of the app and decide what happens to their personal data that has already been collected – allowing them to delete or stop collecting data entirely. Another mobile security measure of the act would require developers to prevent unauthorized access to a user’s data “through reasonable and appropriate security measures,” as well as promote responsible data storage.
Similar to the recent final omnibus rule modifying the HIPAA Security and Privacy rules, the APPS Act focuses on protecting personal data by increasing transparency between consumers, developers and third parties that may access or have access to personal data via mobile apps. Transparency is key when entrusting access to third parties of any type – especially cloud hosting providers that provide high availability network access for critical applications and data.