#Mobile #Privacy Continues to Challenge Marketers, Developers & Lawmakers

The rapid growth and expansion in the mobile market presents a number of privacy and security issues for mobile software and hardware developers, platform operators, advertisers and marketers who collect, store, use and share consumer information. As awareness of privacy risks grows among consumers, legislators and regulators are increasing scrutiny of mobile privacy and privacy policies in mobile apps.

Businesses operating in the mobile industry are facing a widening array of regulatory compliance issues. Staying abreast of legal risks and issues can be daunting. How can mobile operators and application developers spot trends and adjust strategies to stay competitive? First, keep an eye on FTC activity. Second, monitor new bills coming up in Congress. Third, follow this blog, adlerlaw.wordpress.com.

FTC Privacy Enforcement Actions

Earlier this year, the FTC expanded mobile privacy obligations beyond software to include hardware makers when it announced a settlement with HTC America over charges that HTC failed to use adequate “security by design” in millions of consumer mobile devices. As a result, the company is required to patch vulnerabilities on the devices, which include #Smartphones and #Tablets. The settlement, the first action involving a mobile device manufacturer and the new “Privacy By Design” guidelines, sheds some light on the legal risks for mobile device manufacturers and, to some extent, mobile application developers.

Congressional Privacy Laws, Bills & Initiatives

Not surprisingly, federal legislators are taking up the mantle of consumer privacy in the area of mobile applications. In January 2013, U.S. Rep. Hank Johnson introduced his mobile privacy bill, The Application Privacy, Protection and Security Act of 2013, or the “APPS Act.” The bill focuses on transparency, user control and security, mandating that an application 1) provide the user with notice of the terms and conditions governing the collection, use, storage, and sharing of the personal data, and 2) obtain the consent of the user to the terms and conditions. Significantly, the privacy notice is required to include a description of the categories of personal data that will be collected, the categories of purposes for which the personal data will be used, and the categories of third parties with which the personal data will be shared.

The Bill also requires that application developers have a data retention policy that governs the length for which the personal data will be stored and the terms and conditions applicable to storage, including a description of the rights of the user and the process by which the user may exercise such rights in addition to data security and access procedures and safeguards.

App developers unaware of the data protection requirements may face significant risks and potential harm to their reputation among users of smart devices. If you have concerns about what key data protection and privacy legal requirements apply to mobile applications and the types of processing an app may undertake, contact us for a mobile app legal audit. Vague or incomplete descriptions of the ways in which a mobile app handles data, or a lack of meaningful consent from end users before that processing takes place, can lead to significant legal risk. Poor security measures, an apparent trend towards data maximisation and the elasticity of purposes for which personal data are being collected further contribute to the data protection risks found within the current app environment.

Learn more about David M. Adler here.

Managing Compliance Obligations For Electronic Communications

Financial Services is one of the most heavily regulated industries. As electronic communications devices and platforms proliferate, message retention and oversight is a top priority for many compliance officers. A recent survey of compliance professionals in the financial services industry identified the following key issues:

    Firms are working smarter, not harder, to manage the growing compliance burden.

As the types of messages that Financial Services firms are required to monitor and store continue to increase, firms are re-evaluating and updating supervision and retention procedures. Key areas of compliance concern are:

    New regulations
    New communications channels (e.g. social media, text messaging)
    New communications devices (e.g. smartphones and tablets)
    Increased scrutiny/enforcement by regulators
    Inefficiencies of the supervision process

    Mobile devices and communications are emerging as a top concern.

Like many other industries, Financial Services firms are facing the “Bring Your Own Device” (BYOD) challenge: growing use of smartphones and tablets as well as adoption of mobile-specific communications like text messaging. This presents a challenge to conventional compliance practices, which has not gone unnoticed by regulators. Last year, FINRA issued Regulatory Notice 11-39, stating that firms are required to retain, retrieve and supervise business communications regardless of whether they are conducted from a work-issued device or a personal device. This presents a challenge to companies that must separate business and personal communications in order to ensure regulatory compliance.

    Social Media and other online communication channels present new concerns.

Use of Social Media is on the rise in the Financial Services industry. However, policies and procedures for supervision and retention lag behind the pace of adoption. In terms of the most requested message types during examination, email was first, followed by website pages (including RSS feeds, blogs, wikis), with Bloomberg or Reuters messages and instant messages tied for third place.

Conclusion

While regulatory examiners are increasing their oversight and moving from a check-the-box approach to compliance to scrutiny of the messages themselves, financial services firms are getting more savvy about their approach to compliance. In addition, as the opportunities for new types and channels of electronic communications increase, so too do the archiving and supervision technologies that allow firms to use these emerging communication tools with a greater sense of security.

Social Media & The Law: Weekly Recap June 15, 2012

Here are some of the Social Media Legal headlines from around the world this week.

Pinterest hires Google’s former top lawyer
GMA News

Pinterest remains a hot social media property, registering major growth in recent months. Business Insider said investors just gave it another $50 million at a $1.5-billion valuation, and employees are leaving other Silicon Valley firms to join.

In the Arab World, Social Media Has Fast Developed into a Medium for the Masses
Knowledge@Wharton

A surprising outcome from a recent survey is that social media has an equalizing factor among men and women. They’ve got the same reaction to issues, for instance those related to women.

Mobile App Lets You Document and Report Police Stop-and-Frisk Abuse
Mashable

The New York Civil Liberties Union is arming city residents and visitors with an app called Stop and Frisk Watch that records video, audio and GPS data.

FBI Highlights Social Media Risks

Bloomberg BNA

Last year, some users saw on their Facebook walls enticing posts offering video of Osama bin Laden’s capture. Those that clicked on the link and followed the provided directions ended up giving hackers access to their Facebook accounts; they were victims of a social media scam.

US bank consortium develops social media framework

BITS, the technology policy division of US bank-backed The Financial Services Roundtable, has released “Social Media Risks and Mitigation,” a framework for financial institutions adopting social media and a guide to managing related security risks.

Social media issues span legal, compliance, marketing, communications, IT and human resources departments. “Financial services customers are using social media and demanding that institutions have a secure and prudent presence there,” said Andrew Kennedy, BITS’ social media lead. The BITS paper provides an enterprise-wide view of policies, practices, communications and risk management strategies.

Read the full article here: http://tinyurl.com/44rntx2

ABOUT ME

David M. Adler, Esq. is an attorney, author, educator, entrepreneur and partner at the boutique intellectual property, entertainment & media law firm LEAVENS, STRAND, GLOVER & ADLER, LLC based in Chicago, Illinois. My responsibilities include providing advice to business units and executives on copyright, trademark, ecommerce, software/IT, media & entertainment and issues associated with creating and commercializing innovations and creative content, drafting and negotiating contracts and licenses, advising on securities laws and corporate governance and managing outside counsel. Learn more about me here: www.ecommerceattorney.com