Every time a user opens an app on their device, it seems they are being asked to provide both information necessary to engage with the app and far too often additional information that falls into the nice-to-have or marketing niche. Having CISOs participating in the discussions on what data is necessary for an app to function is table stakes. They should have a say in how that data is parsed to determine how it must be protected to remain in compliance with privacy laws. In addition, CISOs have a role to play in assisting the workforce in remaining safe online as well as protecting their (and the company’s) privacy.
The risks of data over-collection
During a recent conversation with Rob Shavell, founder of DeleteMe, he commented how data over-collection by companies is a rampant problem. The data brokers take what you give them and what they scrape and package and sell it. He notes, “Employers are now helping employees protect their PII [personal identifiable information] as it is in the company’s interest to do so.”