APP 11 requires mobile app developers to take reasonable steps
to protect personal information collected by mobile apps from
misuse, interference and loss, and unauthorised access,
modification or disclosure.
What is considered 'reasonable steps' depends on the
circumstances, including the nature of the information collected,
the consequences for an individual if a data breach occurs, and
practicability. Reasonable steps generally include implementing
policies and procedures that relate to the following:
de-identifying and destroying personal information
monitoring and review
ICT security and data breaches are particularly relevant to
mobile apps. The OAIC expects you to consider privacy and security
measures when purchasing or upgrading ICT systems and when
developing the mobile app. Security should not be an afterthought,
or something addressed only once a data breach occurs. The OAIC
expects mobile app developers to adopt a 'privacy by design'
approach, which builds privacy and data protection into the app
from the outset.
Depending on the particular features of the app you may wish to
consider the following security measures:
minimum password strength
lock outs after a certain number of login attempts
secure password storage
testing of security systems
anti-virus and hacking protection software
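Three of the measures listed above (minimum password strength, lock outs after a set number of failed login attempts, and secure password storage) are shown working together in the following Python example. It is added here for illustration and is not code from the article or from the OAIC. The thresholds (a 12-character minimum, five failed attempts, a 15-minute lockout), the PBKDF2 iteration count and the short common-password deny-list are assumptions chosen for the example, not figures the article gives.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Policy parameters. These are assumed values for the example; a real
# app would set them from its own risk assessment.
MIN_PASSWORD_LENGTH = 12
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
PBKDF2_ITERATIONS = 600_000   # OWASP's 2023 figure for PBKDF2-HMAC-SHA256
SALT_BYTES = 16

# Constructed stand-in for a real breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password123"}


def check_password_strength(password: str) -> List[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append(f"shorter than {MIN_PASSWORD_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password list")
    if len(set(password)) < 4:
        problems.append("too few distinct characters")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash. Stored as algo$iterations$salt$digest so the
    parameters travel with the record and can be raised later."""
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison: never compare digests with ==.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


@dataclass
class Account:
    password_hash: str
    failed_attempts: int = 0
    locked_until: float = 0.0


class AccountStore:
    """In-memory store; the clock is injectable so lockout expiry is testable."""

    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self.accounts: Dict[str, Account] = {}
        self.clock = clock

    def register(self, username: str, password: str) -> List[str]:
        problems = check_password_strength(password)
        if problems:
            return problems
        self.accounts[username] = Account(password_hash=hash_password(password))
        return []

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'."""
        now = self.clock()
        account = self.accounts.get(username)
        if account is None:
            # Do the same work as a real check so response time does not
            # reveal which usernames exist.
            hash_password(password)
            return "denied"
        if now < account.locked_until:
            return "locked"
        if verify_password(password, account.password_hash):
            account.failed_attempts = 0
            return "ok"
        account.failed_attempts += 1
        if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
            account.locked_until = now + LOCKOUT_SECONDS
            account.failed_attempts = 0
            return "locked"
        return "denied"
```

PBKDF2 is used because it is in the standard library and runs anywhere; where a maintained library is available, bcrypt, scrypt or Argon2id are the usual preference. A locked account returns 'locked' without hashing, so an attacker gains nothing by continuing to guess during the lockout window, and the counter resets once the window has passed or a correct login succeeds.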
There are a number of additional obligations set out in the APPs
that mobile app developers should be aware of, including
obligations relating to:
the collection of personal information
dealing with unsolicited personal information
use or disclosure of personal information
cross-border disclosure of personal information (including use
of cloud-based data storage with overseas servers)
adoption, use or disclosure of government related identifiers
quality and security of personal information
access to personal information
correction of personal information
There is an overarching obligation in APP 1 for entities to take
reasonable steps to implement practices, procedures and systems
that will ensure compliance with the APPs.
While there are significant penalties for breaching the APPs,
perhaps the most persuasive incentive to adopt a 'privacy by
design' approach is the competitive edge it may give a mobile
app. Users are concerned about their privacy, and may avoid your
app if you are not.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.