BACKGROUND:
New research by academics at Trinity College Dublin and the University of Edinburgh has revealed extensive no opt-out data collection on Android devices. The researcher found that a range of popular Android mobile phones are sharing the data with third parties with no opt-out available to the user. Cybersecurity experts provide insight on this research below.
<p>This research is really interesting as it highlights the risk and financial business impact of not investing in a robust privacy program, which is something that not all businesses pay attention to.</p>
<p>The business impact is the financial cost associated with legal fees and potential privacy regulatory fines as a result of not adhering to GDPR compliance requirements. There are also financial implications with employee compensation if found that the privacy of their data was not adhered to both from a business collection purpose and/or if adequate protection controls were not in place leading to the result of their data being breached. </p>
<p>Executive management needs to understand that Trust and Security is a business differentiator. Not having an adequate privacy program with dedicated privacy operations will slow businesses down in fulfilling data discovery requirements for privacy, such as the subject access requests and general eDiscovery that protects organizations in legal cases like this. We are likely to see more of these cases arise in the future if organisations do not take heed.</p>