Over the past twenty years, many organizations have collected data from their users and customers often with the intention of mining that data for every useful nugget of information. However, most organizations did not consider that there were risks involved with collecting this data should it end up in an attackers hands. The recently enacted European Union (EU), General Data Protection Regulation (GDPR) forced the industry to take data privacy seriously and triggered other governments to create their own data privacy laws. The State of California recently passed the California Consumer Privacy Act which will become effective in 2020, and more legislation is certainly to follow.
- Description of what data is collected
- Description of how the data is collected
- Informing the user if the data will be shared
- Stating that the data will be disclosed if compelled by the law
- Allowing the users to verify, correct, and remove their data
- Provide the users a way to opt out of future communication
Privacy in Software Development - Building Privacy In.