Advice to firms on the right way to collect personal data.

Welcome to Cyber Security Today. It’s Wednesday, July 5th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

I’m away for a few days so this podcast isn’t news oriented. It’s about lessons learned from an investigation by four of Canada’s federal and provincial privacy commissioners just over a year ago into excessive data collected by a coffee chain’s mobile app.

The chain is Tim Hortons, one of this country’s biggest coffee outlets, which has over 5,000 stores around the world including 630 in the U.S.

Last week the office of Canada’s federal privacy commissioner published a blog that looked back at the report’s findings, which confirmed that the Tim Hortons mobile app tracked users even when it was closed.

The column offered advice that I think many organizations should remember:

—when developing a mobile app think whether a reasonable person would see your purposes for collecting or disclosing user data to be appropriate in the circumstances;

—ask for express consent before collecting, using or disclosing data that is likely to be considered sensitive. Which includes geolocation data. And, by the way, that’s asking for express consent, not implied consent;

—provide customers and users with a clear and prominent explanation about key elements of your privacy practices. That includes what data will be collected, whether the app will continue to collect data when it’s closed, who data will be shared with and any meaningful risk of harm or other negative consequences that could result from the collecting of person data;

–and when your firm transfers data to a third party, make sure that company understands its data protection obligations.

Why worry about proper data collection? Because if you don’t it could be bad for business. As a result of this investigation there were headlines about the finding, that Tim Hortons had to delete the location data it collected and that it had to tell its third-party service provider to do the same.

There’s a link to the full column here.

Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, July 5, 2023 – Advice to firms on the right way to collect personal data first appeared on IT World Canada.