Posted on Friday, Dec 21, 2012
The business case for offering a mobile app can be compelling: an app can give a business a constant presence on its customers’ mobile desktop, building brand awareness and allowing easy and direct interaction. But businesses that roll out apps need to pay attention to privacy rules, too, as the recent enforcement action by California’s Attorney General reminds us.
But CalOPPA doesn’t only apply to commercial websites. It also applies to “online services” – and the California AG has interpreted that term to include mobile apps. In October, the AG’s office notified about 100 companies, including Delta, that their apps did not comply with CalOPPA, and warned them to come into compliance within 30 days.
Businesses that offer mobile apps can draw several lessons from Delta’s misfortune.
Second, make sure that you’re aware of what personally identifiable information is being collected by the app, what your business is doing with that information, and how it’s being shared.
Fifth, if you’re outsourcing the development of your app, make sure that your requirements and specs address privacy issues, and consider whether it’s appropriate or possible to obtain representations, warranties, and indemnifications from the developer.
Finally — and this should go without saying — if you receive a notice from a regulator raising privacy issues, make sure to respond. Dealing with the matter early may avoid bigger problems later.